CVE-2017-5508

Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c073a7712d82476b5fbee74856c46b88af9c3175

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "64327381050776383374483875130080754838",
            "length": 23249.0
        },
        "target": {
            "file": "coders/tiff.c",
            "function": "ReadTIFFImage"
        },
        "signature_version": "v1",
        "id": "CVE-2017-5508-8c565714",
        "deprecated": false,
        "source": "https://github.com/imagemagick/imagemagick/commit/c073a7712d82476b5fbee74856c46b88af9c3175"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "339783385470963704518081453680787509394",
                "170187431441979370390447072169831908618",
                "64693590836930932883851585134442121071",
                "90088925699755770610197656072186626388",
                "31699036766545690104974140604545672305"
            ]
        },
        "target": {
            "file": "coders/tiff.c"
        },
        "signature_version": "v1",
        "id": "CVE-2017-5508-f2ebedec",
        "deprecated": false,
        "source": "https://github.com/imagemagick/imagemagick/commit/c073a7712d82476b5fbee74856c46b88af9c3175"
    }
]

Git / github.com/imagemagick/imagemagick6

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected