Glenn Randers-Pehrson - Security Researcher - Exploit Intelligence Platform

CVE-2017-11310 WRITEUP HIGH WRITEUP

Imagemagick - Resource Leak

The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.

CVSS 8.8

View Code

CVE-2017-12652 WRITEUP CRITICAL WRITEUP

Libpng < 1.6.32 - Improper Input Validation

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

CVSS 9.8

View Code

CVE-2017-13139 WRITEUP CRITICAL WRITEUP

Imagemagick < 6.9.9-0 - Out-of-Bounds Read

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.

CVSS 9.8

View Code