CVE-2017-5509 - coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD fil

CVE-2017-5509

Summary

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

References

Vulnerable Configurations

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	95751
confirm	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851377 https://github.com/ImageMagick/ImageMagick/commit/37a1710e2dab6ed91128ea648d654a22fbe2a6af https://github.com/ImageMagick/ImageMagick/commit/d4ec73f866a7c42a2e7f301fcd696e5cb7a7d3ab https://github.com/ImageMagick/ImageMagick/issues/350
gentoo	GLSA-201702-09
mlist	[oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors [oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors

Last major update

28-10-2020 - 19:26

Published

24-03-2017 - 15:59

Last modified

28-10-2020 - 19:26