CVE-2017-12428 - Vulnerability Details - OpenCVE

ReportizFlow

In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Imagemagick	Imagemagick

Configuration 1 [-]

cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/100145
https://github.com/ImageMagick/ImageMagick/issues/544
https://nvd.nist.gov/vuln/detail/CVE-2017-12428
https://www.cve.org/CVERecord?id=CVE-2017-12428
https://www.debian.org/security/2017/dsa-4019

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-04T10:00:00

Updated: 2024-08-05T18:36:56.396Z

Reserved: 2017-08-04T00:00:00

Link: CVE-2017-12428

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-08-04T10:29:00.210

Modified: 2024-11-21T03:09:27.860

Link: CVE-2017-12428

Redhat

Severity : Low

Publid Date: 2017-08-04T00:00:00Z

Links: CVE-2017-12428 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-08-04T00:00:00", "descriptions": [{"lang": "en", "value": "In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-06T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/issues/544"}, {"name": "100145", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100145"}, {"name": "DSA-4019", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4019"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2017-12428", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ImageMagick/ImageMagick/issues/544", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/544"}, {"name": "100145", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100145"}, {"name": "DSA-4019", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4019"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:36:56.396Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ImageMagick/ImageMagick/issues/544"}, {"name": "100145", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100145"}, {"name": "DSA-4019", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4019"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12428", "datePublished": "2017-08-04T10:00:00", "dateReserved": "2017-08-04T00:00:00", "dateUpdated": "2024-08-05T18:36:56.396Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*", "matchCriteriaId": "72A6252A-35A7-4D74-AF0E-0A7B4B12B146", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de filtrado de memoria en ImageMagick 7.0.6-1 en la funci\u00f3n ReadWMFImage en coders/wmf.c. Esta vulnerabilidad permite que los atacantes provoquen una denegaci\u00f3n de servicio en CloneDrawInfo en draw.c."}], "id": "CVE-2017-12428", "lastModified": "2024-11-21T03:09:27.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-08-04T10:29:00.210", "references": [{"source": "[email protected]", "url": "http://www.securityfocus.com/bid/100145"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/issues/544"}, {"source": "[email protected]", "url": "https://www.debian.org/security/2017/dsa-4019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/100145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/issues/544"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2017/dsa-4019"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "[email protected]", "type": "Primary"}]}