CVE-2017-16546
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-16546
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16546.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-16546
- Downstream
- Related
- Published
- 2017-11-05T22:29:00Z
- Modified
- 2025-10-10T01:03:14.579077Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
- References
-
- https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
- https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
- https://github.com/ImageMagick/ImageMagick/issues/851
- https://usn.ubuntu.com/3681-1/
- https://www.debian.org/security/2017/dsa-4040
- https://www.debian.org/security/2017/dsa-4074
Affected packages
Git / github.com/imagemagick/imagemagick
Affected ranges
- Type
- GIT
- Repo
- https://github.com/imagemagick/imagemagick
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
7.*
7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.2-0
7.0.2-1
7.0.2-10
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7
7.0.2-8
7.0.2-9
7.0.3-0
7.0.3-1
7.0.3-10
7.0.3-2
7.0.3-3
7.0.3-4
7.0.3-5
7.0.3-6
7.0.3-7
7.0.3-8
7.0.3-9
7.0.4-0
7.0.4-1
7.0.4-10
7.0.4-2
7.0.4-3
7.0.4-4
7.0.4-5
7.0.4-6
7.0.4-7
7.0.4-8
7.0.4-9
7.0.5-0
7.0.5-1
7.0.5-10
7.0.5-2
7.0.5-3
7.0.5-4
7.0.5-5
7.0.5-6
7.0.5-7
7.0.5-8
7.0.5-9
7.0.6-0
7.0.6-1
7.0.6-2
7.0.6-3
7.0.6-4
7.0.6-5
7.0.6-6
7.0.6-7
7.0.6-8
7.0.6-9
7.0.7-0
7.0.7-1
7.0.7-2
7.0.7-3
7.0.7-4
7.0.7-5
7.0.7-6
7.0.7-8
7.0.7-9
7.0.7.7
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2017-16546-1a59bbd4",
"digest": {
"line_hashes": [
"239037879911661576146958638240697473991",
"6775137549662369651095735069313677055",
"230263286374246415018531447678239154621",
"167777559930016920714550450146410033513"
],
"threshold": 0.9
},
"source": "https://github.com/imagemagick/imagemagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53",
"signature_version": "v1",
"target": {
"file": "coders/wpg.c"
},
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2017-16546-71e01bf3",
"digest": {
"length": 12071.0,
"function_hash": "120950539745086131144898489314772176044"
},
"source": "https://github.com/imagemagick/imagemagick/commit/e04cf3e9524f50ca336253513d977224e083b816",
"signature_version": "v1",
"target": {
"function": "ReadWPGImage",
"file": "coders/wpg.c"
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2017-16546-9dbc3eb1",
"digest": {
"length": 12161.0,
"function_hash": "45674372341530071912301067453092590117"
},
"source": "https://github.com/imagemagick/imagemagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53",
"signature_version": "v1",
"target": {
"function": "ReadWPGImage",
"file": "coders/wpg.c"
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2017-16546-b18edb87",
"digest": {
"line_hashes": [
"6775137549662369651095735069313677055",
"230263286374246415018531447678239154621",
"265662654767131670731158258118047212943",
"328812252873929144357777357305708714005"
],
"threshold": 0.9
},
"source": "https://github.com/imagemagick/imagemagick/commit/e04cf3e9524f50ca336253513d977224e083b816",
"signature_version": "v1",
"target": {
"file": "coders/wpg.c"
},
"deprecated": false,
"signature_type": "Line"
}
]
}