CVE-2017-13142

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3

Fixed

aa84944b405acebbeefe871d0f64969b9e9f31ac

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "function": "ReadJNGImage",
            "file": "coders/png.c"
        },
        "digest": {
            "function_hash": "13362347524342574384703566397225583800",
            "length": 1780.0
        },
        "deprecated": false,
        "id": "CVE-2017-13142-19b52e47",
        "source": "https://github.com/imagemagick/imagemagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac"
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "coders/png.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "326455609614866216940399476301549101549",
                "338851730033346989660434756888564546153",
                "44294244353091790537575886470667833785",
                "87918053458789940417427346190879973218",
                "206626609952949880988900363433539476092",
                "94316465618056777476068442927907929918",
                "336280751748461001034724222194573890329",
                "13177914361786081372019547463312677513",
                "281776593149918802769634087651493180732",
                "31206271938955338109084416140681765772",
                "143527741848806246441078432509189604832",
                "75352460657413525463325341840953390484",
                "169177708921285482016019561524981098429",
                "307766291800298046098288038094017243089",
                "143527741848806246441078432509189604832",
                "75352460657413525463325341840953390484",
                "19129643977660818524009288121207423250",
                "326507896281541959498116083068804831307",
                "143527741848806246441078432509189604832",
                "75352460657413525463325341840953390484",
                "28939437120756539382551927478592430687",
                "227357390326523695636950810791924363103",
                "143527741848806246441078432509189604832",
                "75352460657413525463325341840953390484",
                "68932679923570968636578141130124287885",
                "161102974961491600439550351012086307366",
                "143527741848806246441078432509189604832",
                "75352460657413525463325341840953390484",
                "310918440111508541374788640043860926624",
                "2751514919007922447653913115756251173",
                "143527741848806246441078432509189604832",
                "75352460657413525463325341840953390484",
                "235405393893807743334293318543131679754",
                "226496798902684702410392987469587660142",
                "143527741848806246441078432509189604832",
                "75352460657413525463325341840953390484",
                "19129643977660818524009288121207423250",
                "148167523877645622947011208907551155149",
                "288193433879498239135985394746808646721",
                "252888731537555377260870805708742356976",
                "335182501040967392748415650463539994004",
                "71463701511315571789231263030200694586"
            ]
        },
        "deprecated": false,
        "id": "CVE-2017-13142-37adb5af",
        "source": "https://github.com/imagemagick/imagemagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac"
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "function": "ReadOneJNGImage",
            "file": "coders/png.c"
        },
        "digest": {
            "function_hash": "48252386081850201196127466629274954997",
            "length": 13778.0
        },
        "deprecated": false,
        "id": "CVE-2017-13142-53d48158",
        "source": "https://github.com/imagemagick/imagemagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3"
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "function": "ReadPNGImage",
            "file": "coders/png.c"
        },
        "digest": {
            "function_hash": "304589208402044349893746777234291186036",
            "length": 2975.0
        },
        "deprecated": false,
        "id": "CVE-2017-13142-55110b63",
        "source": "https://github.com/imagemagick/imagemagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac"
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "function": "ReadOneMNGImage",
            "file": "coders/png.c"
        },
        "digest": {
            "function_hash": "39950147133060621481976959969344460986",
            "length": 44799.0
        },
        "deprecated": false,
        "id": "CVE-2017-13142-735c5607",
        "source": "https://github.com/imagemagick/imagemagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3"
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "function": "RegisterPNGImage",
            "file": "coders/png.c"
        },
        "digest": {
            "function_hash": "156256479764466560784844995638608769021",
            "length": 5237.0
        },
        "deprecated": false,
        "id": "CVE-2017-13142-a3eb0bc0",
        "source": "https://github.com/imagemagick/imagemagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac"
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "coders/png.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "309571721015615486280371720082855428490",
                "204207590968782268948368537037891243267",
                "83659384441276588822447506636471393683",
                "288115673239882816567027482483297148855",
                "309571721015615486280371720082855428490",
                "204207590968782268948368537037891243267",
                "83659384441276588822447506636471393683",
                "288115673239882816567027482483297148855"
            ]
        },
        "deprecated": false,
        "id": "CVE-2017-13142-b61d267c",
        "source": "https://github.com/imagemagick/imagemagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3"
    }
]

Git / github.com/imagemagick/imagemagick6

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected