CVE-2017-14173
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
74.0%
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation “GetQuantumRange(depth)+1” when “depth” is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large “max_value” value.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| imagemagick | imagemagick | 7.0.6-10 | cpe:2.3:a:imagemagick:imagemagick:7.0.6-10:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* |
| canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 17.10 | cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 18.04 | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
| debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
References
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
74.0%