CVE-2017-13658

MEDIUM

Imagemagick < 6.9.9-2 - Reachable Assertion

Title source: rule

Description

In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.

References (5)

[Issue Tracking, Third Party Advisory] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870019

[Issue Tracking, Patch, Third Party Advisory] https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89

View Patch ZIP pw:eip

[Issue Tracking, Patch, Third Party Advisory] https://github.com/ImageMagick/ImageMagick/issues/598

[Mailing List] https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html

Scores

CVSS v3 6.5

EPSS 0.0047

EPSS Percentile 64.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-617

Status draft

Affected Products (50)

imagemagick/imagemagick < 6.9.9-2

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

imagemagick/imagemagick

... and 35 more

Timeline

Published Aug 24, 2017

Tracked Since Feb 18, 2026