CVE-2017-13777

MEDIUM

Graphicsmagick - Denial of Service

Title source: rule

Description

GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.

References (6)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100575

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4321

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html

[Mailing List] http://openwall.com/lists/oss-security/2017/08/31/1

[Issue Tracking, Patch, Third Party Advisory] http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e

[Vendor Advisory] https://usn.ubuntu.com/4222-1/

Scores

CVSS v3 6.5

EPSS 0.0107

EPSS Percentile 77.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-834

Status published

Products (3)

debian/debian_linux 8.0

debian/debian_linux 9.0

graphicsmagick/graphicsmagick 1.3.26

Published Aug 30, 2017

Tracked Since Feb 18, 2026