CVE-2017-11448

MEDIUM

Imagemagick < 6.9.9-0 - Information Disclosure

Title source: rule

Description

The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.

References (3)

[Issue Tracking, Patch, Third Party Advisory] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867893

[Patch, Third Party Advisory] https://github.com/ImageMagick/ImageMagick/commit/f6463ca9588579633bbaed9460899d892aa3c64a

View Patch ZIP pw:eip

[Issue Tracking, Patch, Third Party Advisory] https://github.com/ImageMagick/ImageMagick/issues/556

Scores

CVSS v3 6.5

EPSS 0.0066

EPSS Percentile 70.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (1)

imagemagick/imagemagick < 6.9.9-0

Timeline

Published Jul 19, 2017

Tracked Since Feb 18, 2026