The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
{
"unresolved_ranges": [
{
"vendor_product": "imagemagick:imagemagick",
"cpes": [
"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "7.0.0-0"
},
{
"last_affected": "7.0.6-10"
},
{
"introduced": "7.0.0-0"
},
{
"last_affected": "7.0.6-10"
}
]
},
{
"vendor_product": "canonical:ubuntu_linux",
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "14.04"
},
{
"last_affected": "14.04"
},
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "17.10"
},
{
"last_affected": "17.10"
},
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
}
]
},
{
"vendor_product": "debian:debian_linux",
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
},
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
]
}
]
}{
"cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "6.9.9-11"
}
]
}[
{
"digest": {
"line_hashes": [
"201574829055882073682823747988023744741",
"281411365007837298567174748174081729524",
"187434976871069825458001900389895480189",
"37033304517079638609531138597618694606"
],
"threshold": 0.9
},
"id": "CVE-2017-13769-28ea5f26",
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick6/commit/2f74aa6457d35e511175b1f86b80012d5d4751c7",
"target": {
"file": "coders/jp2.c"
}
},
{
"digest": {
"length": 7262.0,
"function_hash": "258707320293750171487029545559793909725"
},
"id": "CVE-2017-13769-54186a86",
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick6/commit/2f74aa6457d35e511175b1f86b80012d5d4751c7",
"target": {
"function": "WriteJP2Image",
"file": "coders/jp2.c"
}
}
]
"2026-07-08T23:28:50Z"
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-13769.json"