CVE-2017-13140

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-13140

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13140.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-13140

Related

DSA-4019-1

Published

2017-08-23T06:29:00Z

Modified

2024-10-12T02:33:36.738641Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICKWIDTHLIMIT.

References

Affected packages

Debian:11 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.7.4+dfsg-15

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.7.4+dfsg-15

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.7.4+dfsg-15

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/imagemagick/imagemagick

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

01588fbdd5469847e919b472e8bfbd69bef0d652

Last affected

044a9bc056a8e0a7979009b41901e97640626257

Last affected

104b6c96a4d7cd159f234a8f8fa1b4649b1d7286

Last affected

1a5fed605982a1a20e8e9bd57502e2ce94d7dc3e

Last affected

25ea4de824468525f809ed1d62946626cb6e8aa6

Last affected

2615e69b7e7d72e3bd5eef828708d08d1490b7fe

Last affected

28b7715cc32e487462782f6e4ad5bf4aeb239a66

Last affected

3448b33066a13a5d51dce90ffd083a6106f43e40

Last affected

373421274fc8d81199b212c873621015637a5853

Last affected

3cf86f2d1d1ef36d99879c6e5d206138a72e156a

Last affected

3f3a32e0563505929765d6393cfb3a38ebfae4bd

Last affected

4c1b1053f61fb4dd106f8843bddd7232dc325931

Last affected

56a7ae7ca78a970a06115ac03876d5922124ea37

Last affected

56ef04875ca6ff0078f7929364d444f2fb6408e0

Last affected

580b68fc398b9bf7ec1a025524f294ce76fcf521

Last affected

59ff8f4d216c030529c39fbefbd13fed45a29c63

Last affected

5bb8534ea2810eec19875191581e96ed4f519411

Last affected

5cbdc8e011effc2ca5d2c6f15377263105c152a2

Last affected

62fa2bf87a80433e19ac240aeb4c769c3120a49a

Last affected

72fc458e010f709b5383baba6dc736d8cd60188f

Last affected

74390c5db097bf7ac36f1cfc5f3128b84ff14ebe

Last affected

800400ddc64a431706bbe59c8bee3c35138bafc5

Last affected

80973288d5cb3fd6165a7ac3e2e88344229bf465

Last affected

83da034c73811a457239b0de644bdad0e3d64360

Last affected

8af0c7343af5ecda6a99611333321ca283ae505a

Last affected

8dbc44408be313de5026ee53af7b195dc37e8c69

Last affected

924f163db2a50bc9b4534780f25dc29b17ae7709

Last affected

9871b4ad7400606bbecf7f979b198080f4b107c3

Last affected

98f90370b548e09494b1ee5c05d03e19d6e476af

Last affected

9caa8b0c4269163def2ce0fa6ff1754ec0c234d2

Last affected

9e6e0ce4590fd97d980aa9505dde1031b076ea14

Last affected

a702f057b11a0fe377071cb22e33bbf5ae085f5c

Last affected

ac72d94febc1744579bad2646685a2054c087594

Last affected

b1cdc8360f2cf6989675f4c9f13ba73b566c0f00

Last affected

b260eaadf2c72ffbe5a598e46ef6cee15fd2548f

Last affected

b3faa0890ca53b2b728d3eea0710ca58dfa7d3d3

Last affected

b6d827bb2dc5aff7b731e4f15f979090cb2a352a

Last affected

c238dc1c259c8e5b983951539aa101598fe26543

Last affected

c3e69b0b7c24534f14cf604304324d01b082833a

Last affected

c9c9ac61e6c4cf554bfc1fa217dfce644f206d91

Last affected

cfd680531832dd7848545c23485d20cb64e22c9d

Last affected

d07f4fe02935119f1fe55263428c340f32a9b2ea

Last affected

d67c907006d990429cd0979873251faff01fbb0a

Last affected

dcac9583321bfe579e6c91c688889cb3d870f1da

Last affected

dcf960952e5a35fe3675fc9f82fd1b8649085b89

Last affected

e46b7d19de7914881986ef939f690facc7a0198d

Last affected

e8978d6fc66d29f34ea639869c0765cc4b84511d

Last affected

ebaa1ec6e56b04ea7b625f2eb28957d3bf9d75d8

Last affected

ec42b075248c69aad25efc0a6ce12357aef13ef2

Last affected

f1208a9c0b5abcea0dab90d1cd60435265e529bd

Last affected

f67a61425f27009d4ac16a62e31758e5af3a7226

Last affected

fa77e72e38dfb86bc40894fd11459c43dc7631d8

Last affected

faccddce0f6cb1e22df9d558b446a17f912e906d

Last affected

fcf419fda8dcbe02721acb8e5f861b23aa489fee

Last affected

fdeb2b112a9f3ab16e61c13c406bd14fc5b80d6c

Last affected

fe4eecee8c4942cb836bc63f79ed5eaa39069f69

Type: GIT
Repo: https://github.com/imagemagick/imagemagick6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

19858ec47b7aa6890efbaa1a1d40fde51afb8db3

Affected versions

6.*

6.9.4-0

6.9.4-1

6.9.4-10

6.9.4-2

6.9.4-3

6.9.4-4

6.9.4-5

6.9.4-6

6.9.4-7

6.9.4-8

6.9.4-9

6.9.5-0

6.9.5-1

6.9.5-10

6.9.5-2

6.9.5-3

6.9.5-4

6.9.5-5

6.9.5-6

6.9.5-7

6.9.5-8

6.9.5-9

6.9.6-0

6.9.6-1

6.9.6-2

6.9.6-3

6.9.6-4

6.9.6-5

6.9.6-6

6.9.6-7

6.9.6-8

6.9.7-0

6.9.7-1

6.9.7-10

6.9.7-2

6.9.7-3

6.9.7-4

6.9.7-5

6.9.7-6

6.9.7-7

6.9.7-8

6.9.7-9

6.9.8-0

6.9.8-1

6.9.8-10

6.9.8-2

6.9.8-3

6.9.8-4

6.9.8-5

6.9.8-6

6.9.8-7

6.9.8-8

6.9.8-9

6.9.9-0

7.*

7.0.1-0

7.0.1-1

7.0.1-10

7.0.1-2

7.0.1-3

7.0.1-4

7.0.1-5

7.0.1-6

7.0.1-7

7.0.1-8

7.0.1-9

7.0.2-0

7.0.2-1