GraphicsMagick CVE-2017-18219 Denial of Service Vulnerability

GraphicsMagick is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause denial-of-service conditions.

Versions prior to GraphicsMagick 1.3.26 are vulnerable.

Information

Bugtraq ID: 103258
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-18219

Remote: Yes
Local: No
Published: Oct 08 2017 12:00AM
Updated: Mar 07 2018 05:00AM
Credit: ADLab of Venustech.
Vulnerable: GraphicsMagick GraphicsMagick 1.3.26

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

#459 allocation failure in ReadOnePNGImage (Sourceforge)
check MemoryResource before attempting to allocate ping_pixels array (Graphicsmagick)
GraphicsMagick Homepage (GraphicsMagick)

Source: www.securityfocus.com

Exploit Collector

Search Exploit