GraphicsMagick CVE-2017-16353 Information Disclosure Vulnerability

GraphicsMagick is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

Information

Bugtraq ID: 101653
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-16353

Remote: Yes
Local: No
Published: Nov 01 2017 12:00AM
Updated: Nov 01 2017 12:00AM
Credit: Jeremy Heng (@nn_amon) and Terry Chia (Ayrx).
Vulnerable: GraphicsMagick GraphicsMagick 1.3.26

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

GraphicsMagick Homepage (GraphicsMagick)
SSD Advisory â?? GraphicsMagick Multiple Vulnerabilities (SecuriTeam)
GraphicsMagick Changelog (GraphicsMagick)

Source: www.securityfocus.com

Exploit Collector

Search Exploit