CVE-2017-11449
19.07.2017, 07:29
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 𝑥 < 6.9.9-0 |
| imagemagick | imagemagick | 7.0.0-0 ≤ 𝑥 < 7.0.6-1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ImageMagick |
| ||||||||||||||||||||||||||||||
| ImageMagick-config-6-SUSE |
| ||||||||||||||||||||||||||||||
| ImageMagick-config-6-upstream |
| ||||||||||||||||||||||||||||||
| libMagick++-6_Q16-3 |
| ||||||||||||||||||||||||||||||
| libMagickCore-6_Q16-1 |
| ||||||||||||||||||||||||||||||
| libMagickCore-6_Q16-1-32bit |
| ||||||||||||||||||||||||||||||
| libMagickWand-6_Q16-1 |
|
References