CVE-2017-13140

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-13140
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13140.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-13140
Downstream
Related
Published
2017-08-23T06:29:00.230Z
Modified
2025-12-05T23:53:27.602247Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICKWIDTHLIMIT.

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
01588fbdd5469847e919b472e8bfbd69bef0d652
Last affected
044a9bc056a8e0a7979009b41901e97640626257
Last affected
104b6c96a4d7cd159f234a8f8fa1b4649b1d7286
Last affected
1a5fed605982a1a20e8e9bd57502e2ce94d7dc3e
Last affected
25ea4de824468525f809ed1d62946626cb6e8aa6
Last affected
2615e69b7e7d72e3bd5eef828708d08d1490b7fe
Last affected
28b7715cc32e487462782f6e4ad5bf4aeb239a66
Last affected
3448b33066a13a5d51dce90ffd083a6106f43e40
Last affected
373421274fc8d81199b212c873621015637a5853
Last affected
3cf86f2d1d1ef36d99879c6e5d206138a72e156a
Last affected
3f3a32e0563505929765d6393cfb3a38ebfae4bd
Last affected
4c1b1053f61fb4dd106f8843bddd7232dc325931
Last affected
56a7ae7ca78a970a06115ac03876d5922124ea37
Last affected
56ef04875ca6ff0078f7929364d444f2fb6408e0
Last affected
580b68fc398b9bf7ec1a025524f294ce76fcf521
Last affected
59ff8f4d216c030529c39fbefbd13fed45a29c63
Last affected
5bb8534ea2810eec19875191581e96ed4f519411
Last affected
5cbdc8e011effc2ca5d2c6f15377263105c152a2
Last affected
62fa2bf87a80433e19ac240aeb4c769c3120a49a
Last affected
72fc458e010f709b5383baba6dc736d8cd60188f
Last affected
74390c5db097bf7ac36f1cfc5f3128b84ff14ebe
Last affected
800400ddc64a431706bbe59c8bee3c35138bafc5
Last affected
80973288d5cb3fd6165a7ac3e2e88344229bf465
Last affected
83da034c73811a457239b0de644bdad0e3d64360
Last affected
8af0c7343af5ecda6a99611333321ca283ae505a
Last affected
8dbc44408be313de5026ee53af7b195dc37e8c69
Last affected
924f163db2a50bc9b4534780f25dc29b17ae7709
Last affected
9871b4ad7400606bbecf7f979b198080f4b107c3
Last affected
98f90370b548e09494b1ee5c05d03e19d6e476af
Last affected
9caa8b0c4269163def2ce0fa6ff1754ec0c234d2
Last affected
9e6e0ce4590fd97d980aa9505dde1031b076ea14
Last affected
a702f057b11a0fe377071cb22e33bbf5ae085f5c
Last affected
ac72d94febc1744579bad2646685a2054c087594
Last affected
b1cdc8360f2cf6989675f4c9f13ba73b566c0f00
Last affected
b260eaadf2c72ffbe5a598e46ef6cee15fd2548f
Last affected
b3faa0890ca53b2b728d3eea0710ca58dfa7d3d3
Last affected
b6d827bb2dc5aff7b731e4f15f979090cb2a352a
Last affected
c238dc1c259c8e5b983951539aa101598fe26543
Last affected
c3e69b0b7c24534f14cf604304324d01b082833a
Last affected
c9c9ac61e6c4cf554bfc1fa217dfce644f206d91
Last affected
cfd680531832dd7848545c23485d20cb64e22c9d
Last affected
d07f4fe02935119f1fe55263428c340f32a9b2ea
Last affected
d67c907006d990429cd0979873251faff01fbb0a
Last affected
dcac9583321bfe579e6c91c688889cb3d870f1da
Last affected
dcf960952e5a35fe3675fc9f82fd1b8649085b89
Last affected
e46b7d19de7914881986ef939f690facc7a0198d
Last affected
e8978d6fc66d29f34ea639869c0765cc4b84511d
Last affected
ebaa1ec6e56b04ea7b625f2eb28957d3bf9d75d8
Last affected
ec42b075248c69aad25efc0a6ce12357aef13ef2
Last affected
f1208a9c0b5abcea0dab90d1cd60435265e529bd
Last affected
f67a61425f27009d4ac16a62e31758e5af3a7226
Last affected
fa77e72e38dfb86bc40894fd11459c43dc7631d8
Last affected
faccddce0f6cb1e22df9d558b446a17f912e906d
Last affected
fcf419fda8dcbe02721acb8e5f861b23aa489fee
Last affected
fdeb2b112a9f3ab16e61c13c406bd14fc5b80d6c
Last affected
fe4eecee8c4942cb836bc63f79ed5eaa39069f69

Affected versions

7.*

7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.2-0
7.0.2-1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13140.json"

Git / github.com/imagemagick/imagemagick6

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick6
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
19858ec47b7aa6890efbaa1a1d40fde51afb8db3

Affected versions

6.*

6.9.4-0
6.9.4-1
6.9.4-10
6.9.4-2
6.9.4-3
6.9.4-4
6.9.4-5
6.9.4-6
6.9.4-7
6.9.4-8
6.9.4-9
6.9.5-0
6.9.5-1
6.9.5-10
6.9.5-2
6.9.5-3
6.9.5-4
6.9.5-5
6.9.5-6
6.9.5-7
6.9.5-8
6.9.5-9
6.9.6-0
6.9.6-1
6.9.6-2
6.9.6-3
6.9.6-4
6.9.6-5
6.9.6-6
6.9.6-7
6.9.6-8
6.9.7-0
6.9.7-1
6.9.7-10
6.9.7-2
6.9.7-3
6.9.7-4
6.9.7-5
6.9.7-6
6.9.7-7
6.9.7-8
6.9.7-9
6.9.8-0
6.9.8-1
6.9.8-10
6.9.8-2
6.9.8-3
6.9.8-4
6.9.8-5
6.9.8-6
6.9.8-7
6.9.8-8
6.9.8-9
6.9.9-0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13140.json"