GraphicsMagick 1.3.26 magick/describe.c DescribeImage out-of-bounds
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.1 | $0-$5k | 0.00 |
Summary
A vulnerability was found in GraphicsMagick 1.3.26. It has been declared as critical. The affected element is the function DescribeImage of the file magick/describe.c. Such manipulation leads to out-of-bounds.
This vulnerability is traded as CVE-2017-16353. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
Details
A vulnerability, which was classified as critical, has been found in GraphicsMagick 1.3.26 (Image Processing Software). Affected by this issue is the function DescribeImage of the file magick/describe.c. The manipulation with an unknown input leads to a out-of-bounds vulnerability. Using CWE to declare the problem leads to CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
The bug was discovered 11/01/2017. The weakness was shared 11/01/2017 (Website). The advisory is shared for download at ftp.graphicsmagick.org. This vulnerability is handled as CVE-2017-16353 since 11/01/2017. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. Technical details as well as a public exploit are known.
The exploit is available at exploit-db.com. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 104397 (Debian DLA-1159-1 : graphicsmagick security update), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 277107 (Fedora Security Update for GraphicsMagick (FEDORA-2018-bfb9835edd)).
Upgrading eliminates this vulnerability. A possible mitigation has been published 2 days after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Exploit-DB (43111), Tenable (104397) and SecurityFocus (BID 101653†). The entries VDB-105693, VDB-108883, VDB-110823 and VDB-110824 are related to this item. Once again VulDB remains the best source for vulnerability data.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.4VulDB Meta Temp Score: 6.1
VulDB Base Score: 6.3
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Out-of-boundsCWE: CWE-125 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 104397
Nessus Name: Debian DLA-1159-1 : graphicsmagick security update
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 867101
OpenVAS Name: Fedora Update for GraphicsMagick FEDORA-2018-bfb9835edd
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
11/01/2017 🔍11/01/2017 🔍
11/01/2017 🔍
11/01/2017 🔍
11/01/2017 🔍
11/02/2017 🔍
11/03/2017 🔍
11/06/2017 🔍
03/27/2025 🔍
Sources
Advisory: USN-4232-1Researcher: Jeremy Heng
Status: Confirmed
CVE: CVE-2017-16353 (🔍)
GCVE (CVE): GCVE-0-2017-16353
GCVE (VulDB): GCVE-100-108884
OVAL: 🔍
SecurityFocus: 101653 - GraphicsMagick CVE-2017-16353 Information Disclosure Vulnerability
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 11/02/2017 08:07Updated: 03/27/2025 07:33
Changes: 11/02/2017 08:07 (71), 12/02/2019 16:49 (13), 01/21/2021 13:29 (3), 01/05/2023 14:23 (3), 03/27/2025 07:33 (16)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.