CVE-2017-14994
Published: 4 October 2017
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.
From the Ubuntu Security Team
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Status
Package | Release | Status |
---|---|---|
graphicsmagick Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(1.3.26-13)
|
|
cosmic |
Not vulnerable
(1.3.26-13)
|
|
disco |
Not vulnerable
(1.3.26-13)
|
|
eoan |
Not vulnerable
(1.3.26-13)
|
|
focal |
Not vulnerable
(1.3.26-13)
|
|
groovy |
Not vulnerable
(1.3.26-13)
|
|
impish |
Not vulnerable
(1.3.26-13)
|
|
jammy |
Not vulnerable
(1.3.26-13)
|
|
trusty |
Released
(1.3.18-1ubuntu3.1+esm4)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Needs triage
|
|
xenial |
Released
(1.3.23-1ubuntu0.4)
|
|
zesty |
Ignored
(end of life)
|
|
hirsute |
Not vulnerable
(1.3.26-13)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14994
- http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
- https://sourceforge.net/p/graphicsmagick/bugs/512/
- https://nandynarwhals.org/CVE-2017-14994/
- https://ubuntu.com/security/notices/USN-4232-1
- NVD
- Launchpad
- Debian