Project

General

Profile

Bug #7548

Bug #7547: graphicsmagick: Use-after-free in CloseBlob (CVE-2017-11403)

[3.7] graphicsmagick: Use-after-free in CloseBlob (CVE-2017-11403)

Added by Alicha CH over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Start date:
07/19/2017
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call,
resulting in a use-after-free via a crafted file.

References:

http://openwall.com/lists/oss-security/2017/07/18/1
https://nvd.nist.gov/vuln/detail/CVE-2017-11403

Patch:

http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37

History

#2 Updated by Francesco Colista over 1 year ago

  • Category set to Security
  • Status changed from Resolved to Closed

#3 Updated by Alicha CH over 1 year ago

  • % Done changed from 0 to 100

Also available in: Atom PDF