CVE-2017-11139

CRITICAL

Graphicsmagick - Double Free

Title source: rule

Description

GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.

References (3)

Scores

CVSS v3 9.8
EPSS 0.0047
EPSS Percentile 64.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-415
Status draft

Affected Products (2)

graphicsmagick/graphicsmagick
debian/debian_linux

Timeline

Published Jul 10, 2017
Tracked Since Feb 18, 2026