CVE-2017-12691

MEDIUM

ImageMagick - Denial of Service via Crafted XCF File

Title source: llm

Description

The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

References (5)

Core 5

Core References

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3681-1/

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201711-07

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://github.com/ImageMagick/ImageMagick/issues/656

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html

Scores

CVSS v3 6.5

EPSS 0.0095

EPSS Percentile 76.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-770

Status published

Products (5)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

imagemagick/imagemagick 7.0.6-6

Published Sep 01, 2017

Tracked Since Feb 18, 2026