VDB-106945 · CVE-2017-14626 · BID 100943

ImageMagick 7.0.7-0 Q16 coders/sixel.c sixel_decode null pointer dereference

A vulnerability was found in ImageMagick 7.0.7-0 Q16 (Image Processing Software). It has been declared as problematic. Affected by this vulnerability is the function sixel_decode of the file coders/sixel.c. Upgrading eliminates this vulnerability. A possible mitigation has been published 10 months after the disclosure of the vulnerability.

Field	09/21/2017 09:47 PM	11/18/2019 02:51 PM	01/13/2021 06:01 PM
type	Image Processing Software	Image Processing Software	Image Processing Software
name	ImageMagick	ImageMagick	ImageMagick
version	7.0.7-0 Q16	7.0.7-0 Q16	7.0.7-0 Q16
file	coders/sixel.c	coders/sixel.c	coders/sixel.c
function	sixel_decode	sixel_decode	sixel_decode
cwe	476 (denial of service)	476 (denial of service)	476 (denial of service)
risk	1	1	1
historic	0	0	0
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	3.9	3.9	3.9
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	L	L	L
cvss2_nvd_au	N	N	N
cvss2_nvd_ci	P	P	P
cvss2_nvd_ii	P	P	P
cvss2_nvd_ai	P	P	P
cvss3_meta_basescore	7.5	7.5	7.5
cvss3_meta_tempscore	6.6	6.6	6.6
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	4.7	4.7	4.7
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	N	N	N
cvss3_nvd_ui	N	N	N
cvss3_nvd_s	U	U	U
cvss3_nvd_c	H	H	H
cvss3_nvd_i	H	H	H
cvss3_nvd_a	H	H	H
date	1505952000 (09/21/2017)	1505952000 (09/21/2017)	1505952000 (09/21/2017)
location	GitHub Repository	GitHub Repository	GitHub Repository
url	https://github.com/ImageMagick/ImageMagick/issues/720	https://github.com/ImageMagick/ImageMagick/issues/720	https://github.com/ImageMagick/ImageMagick/issues/720
price_0day	$0-$5k	$0-$5k	$0-$5k
cve	CVE-2017-14626	CVE-2017-14626	CVE-2017-14626
cve_assigned	1505952000	1505952000	1505952000
cve_nvd_published	1505952000	1505952000	1505952000
cve_nvd_summary	ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.	ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.	ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
securityfocus	100943	100943	100943
securityfocus_title	ImageMagick CVE-2017-14626 Denial of Service Vulnerability	ImageMagick CVE-2017-14626 Denial of Service Vulnerability	ImageMagick CVE-2017-14626 Denial of Service Vulnerability
nessus_risk	High	High	High
nessus_type	local	local	local
nessus_date	1528848000 (06/13/2018)	1528848000 (06/13/2018)	1528848000 (06/13/2018)
seealso	106943 106944 107000 107501 107512 111080 111826 115280 118619	106943 106944 107000 107501 107512 111080 111826 115280 118619	106943 106944 107000 107501 107512 111080 111826 115280 118619
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	UC	UC	UC
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	U	U	U
reaction_days	264	264	264
0day_days	18	18	18
exposure_days	264	264	264
person_nickname	Venustech	Venustech	Venustech
cvss3_nvd_basescore	9.8	9.8	9.8
discoverydate		1504396800	1504396800
company_name		Adlab of Venustech	Adlab of Venustech
confirm_url		https://github.com/ImageMagick/ImageMagick/issues/720	https://github.com/ImageMagick/ImageMagick/issues/720
name		Upgrade	Upgrade
date		1528761600 (06/12/2018)	1528761600 (06/12/2018)
securityfocus_date		1505952000 (09/21/2017)	1505952000 (09/21/2017)
securityfocus_class		Failure to Handle Exceptional Conditions	Failure to Handle Exceptional Conditions
nessus_id		110516	110516
nessus_name		Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)
nessus_filename		ubuntu_USN-3681-1.nasl	ubuntu_USN-3681-1.nasl
nessus_family		Ubuntu Local Security Checks	Ubuntu Local Security Checks
openvas_filename		gb_ubuntu_USN_3681_1.nasl	gb_ubuntu_USN_3681_1.nasl
openvas_title		Ubuntu Update for imagemagick USN-3681-1	Ubuntu Update for imagemagick USN-3681-1
openvas_family		Ubuntu Local Security Checks	Ubuntu Local Security Checks
person_name			ADLab
cvss2_nvd_basescore			7.5

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!