CVE-2017-11750 - The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attack

CVE-2017-11750

Summary

The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

References

https://github.com/ImageMagick/ImageMagick/issues/632

Vulnerable Configurations

cpe:2.3:a:imagemagick:imagemagick:6.9.9-4:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.9.9-4:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.6-4:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.6-4:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 02-08-2017 - 16:50)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

confirm

https://github.com/ImageMagick/ImageMagick/issues/632

Last major update

02-08-2017 - 16:50

Published

30-07-2017 - 17:29

Last modified

02-08-2017 - 16:50