ImageMagick 7.0.7-0 Q16 coders/sixel.c sixel_decode null pointer dereference

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in ImageMagick 7.0.7-0 Q16 (Image Processing Software). It has been declared as problematic. Affected by this vulnerability is the function sixel_decode of the file coders/sixel.c. Upgrading eliminates this vulnerability. A possible mitigation has been published 10 months after the disclosure of the vulnerability.

Field09/21/2017 09:47 PM11/18/2019 02:51 PM01/13/2021 06:01 PM
typeImage Processing SoftwareImage Processing SoftwareImage Processing Software
nameImageMagickImageMagickImageMagick
version7.0.7-0 Q167.0.7-0 Q167.0.7-0 Q16
filecoders/sixel.ccoders/sixel.ccoders/sixel.c
functionsixel_decodesixel_decodesixel_decode
cwe476 (denial of service)476 (denial of service)476 (denial of service)
risk111
historic000
cvss2_vuldb_basescore5.05.05.0
cvss2_vuldb_tempscore3.93.93.9
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciPPP
cvss2_nvd_iiPPP
cvss2_nvd_aiPPP
cvss3_meta_basescore7.57.57.5
cvss3_meta_tempscore6.66.66.6
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore4.74.74.7
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1505952000 (09/21/2017)1505952000 (09/21/2017)1505952000 (09/21/2017)
locationGitHub RepositoryGitHub RepositoryGitHub Repository
urlhttps://github.com/ImageMagick/ImageMagick/issues/720https://github.com/ImageMagick/ImageMagick/issues/720https://github.com/ImageMagick/ImageMagick/issues/720
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2017-14626CVE-2017-14626CVE-2017-14626
cve_assigned150595200015059520001505952000
cve_nvd_published150595200015059520001505952000
cve_nvd_summaryImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
securityfocus100943100943100943
securityfocus_titleImageMagick CVE-2017-14626 Denial of Service VulnerabilityImageMagick CVE-2017-14626 Denial of Service VulnerabilityImageMagick CVE-2017-14626 Denial of Service Vulnerability
nessus_riskHighHighHigh
nessus_typelocallocallocal
nessus_date1528848000 (06/13/2018)1528848000 (06/13/2018)1528848000 (06/13/2018)
seealso106943 106944 107000 107501 107512 111080 111826 115280 118619106943 106944 107000 107501 107512 111080 111826 115280 118619106943 106944 107000 107501 107512 111080 111826 115280 118619
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcUCUCUC
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcUUU
reaction_days264264264
0day_days181818
exposure_days264264264
person_nicknameVenustechVenustechVenustech
cvss3_nvd_basescore9.89.89.8
discoverydate15043968001504396800
company_nameAdlab of VenustechAdlab of Venustech
confirm_urlhttps://github.com/ImageMagick/ImageMagick/issues/720https://github.com/ImageMagick/ImageMagick/issues/720
nameUpgradeUpgrade
date1528761600 (06/12/2018)1528761600 (06/12/2018)
securityfocus_date1505952000 (09/21/2017)1505952000 (09/21/2017)
securityfocus_classFailure to Handle Exceptional ConditionsFailure to Handle Exceptional Conditions
nessus_id110516110516
nessus_nameUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)
nessus_filenameubuntu_USN-3681-1.naslubuntu_USN-3681-1.nasl
nessus_familyUbuntu Local Security ChecksUbuntu Local Security Checks
openvas_filenamegb_ubuntu_USN_3681_1.naslgb_ubuntu_USN_3681_1.nasl
openvas_titleUbuntu Update for imagemagick USN-3681-1Ubuntu Update for imagemagick USN-3681-1
openvas_familyUbuntu Local Security ChecksUbuntu Local Security Checks
person_nameADLab
cvss2_nvd_basescore7.5

Want to stay up to date on a daily basis?

Enable the mail alert feature now!