CVE-2017-14103

Priority
Description
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in
GraphicsMagick 1.3.26 do not properly manage image pointers after certain
error conditions, which allows remote attackers to conduct use-after-free
attacks via a crafted file, related to a ReadMNGImage out-of-order
CloseBlob call. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2017-11403.
Notes
ebarrettotrusty and xenial are not affected as long as we apply the
fix for CVE-2017-11403 correctly.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.3.26-8)
More Information

Updated: 2020-09-10 05:37:09 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)