The vulnerability of the ReadSUNImage function (coders/sun.c) in the cross-platform library for working with graphics, GraphicsMagick, allows a hacker to execute arbitrary code.

🗓️ 18 Nov 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

ReadSUNImage in GraphicsMagick has a buffer overread that could enable remote code execution.

Reporter	Title	Published	Views	Family All 45
AlpineLinux	CVE-2017-12937	18 Aug 201712:00	–	alpinelinux
ArchLinux	[ASA-201801-7] graphicsmagick: multiple issues	8 Jan 201800:00	–	archlinux
CNVD	GraphicsMagick Buffer Overflow Vulnerability (CNVD-2017-28586)	21 Aug 201700:00	–	cnvd
CVE	CVE-2017-12937	18 Aug 201712:00	–	cve
Cvelist	CVE-2017-12937	18 Aug 201712:00	–	cvelist
Debian	[SECURITY] [DLA 1082-1] graphicsmagick security update	31 Aug 201720:21	–	debian
Debian	[SECURITY] [DLA 1401-1] graphicsmagick security update	27 Jun 201821:28	–	debian
Debian	[SECURITY] [DSA 4321-1] graphicsmagick security update	16 Oct 201821:57	–	debian
Debian CVE	CVE-2017-12937	18 Aug 201712:00	–	debiancve
Tenable Nessus	Debian DLA-1082-1 : graphicsmagick security update	1 Sep 201700:00	–	nessus

Vulners

Node

graphicsmagick_group graphicsmagickMatch1.3.26

OR

fedora fedoraMatch29

OR

fedora fedoraMatch30

Source	Link
wiki	www.wiki.astralinux.ru/pages/viewpage.action
debian	www.debian.org/security/2018/dsa-4321
lists	www.lists.debian.org/debian-lts-announce/2018/06/msg00009.html
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
hg	www.hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-12937
web	www.web.nvd.nist.gov/view/vuln/detail

18 Nov 2019 00:00Current

CVSS 38.8

CVSS 210

EPSS0.00945

ReadSUNImage GraphicsMagick Buffer overread Remote code execution Dynamic memory