GraphicsMagick CVE-2017-18220 Multiple Denial of Service Vulnerabilities

GraphicsMagick is prone to multiple denial-of-service vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions.

GraphicsMagick 1.3.26 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 103276
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-18220

Remote: Yes
Local: No
Published: Mar 05 2018 12:00AM
Updated: Mar 05 2018 12:00AM
Credit: ADLab of Venustech
Vulnerable: GraphicsMagick GraphicsMagick 1.3.26

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate these issues. Please see the references for more information.

References:

#438 heap use after free in CloseBlob (Graphicsmagick)
Attempt to fix Issue 440. (Graphicsmagick)
GraphicsMagick Homepage (GraphicsMagick)

Source: www.securityfocus.com

Exploit Collector

Search Exploit