PublicDateAtUSN: 2017-08-23 Candidate: CVE-2017-13144 PublicDate: 2017-08-23 06:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13144 https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438 https://ubuntu.com/security/notices/USN-3681-1 https://ubuntu.com/security/notices/USN-3785-1 https://ubuntu.com/security/notices/USN-5335-1 Description: In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. Ubuntu-Description: Notes: mdeslaur> 0085-Avoid-a-crash-in-mpc-coder.patch in unstable mdeslaur> 0081-Avoid-a-crash-in-mpc-coder.patch in stretch mdeslaur> 0297-CVE-2017-13144-Fix-application-crash-if-image-dimensions-are-too-large.patch in wheezy mdeslaur> 0261-CVE-2017-13144.patch in jessie sbeattie> this fix introduced a regression in xenial and trusty (LP: #1793485) and was reverted for those releases in USN 3785-1 Bugs: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869728 https://launchpad.net/bugs/1793485 Priority: negligible Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM] Patches_imagemagick: upstream: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84 upstream: https://github.com/ImageMagick/ImageMagick6/commit/a05f8f4b2f8c1fe1189b6085318f22c2b462f7d4 (xenial) upstream: https://github.com/ImageMagick/ImageMagick6/commit/e5e87c087ed48db886be0ff3aff4041d38218192 (xenial) upstream_imagemagick: released (8:6.9.7.4+dfsg-13) precise/esm_imagemagick: DNE trusty_imagemagick: ignored (reached end-of-life) trusty/esm_imagemagick: DNE (trusty was needed) vivid/ubuntu-core_imagemagick: DNE xenial_imagemagick: ignored (end of standard support, was needed) esm-infra/xenial_imagemagick: released (8:6.8.9.9-7ubuntu5.16+esm2) zesty_imagemagick: ignored (reached end-of-life) artful_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2) bionic_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2) cosmic_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2) disco_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2) eoan_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2) focal_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2) groovy_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2) hirsute_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2) impish_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2) jammy_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2) devel_imagemagick: not-affected (8:6.9.7.4+dfsg-16ubuntu2)