CVE-2017-17880

HIGH

Imagemagick - Out-of-Bounds Read

Title source: rule
STIX 2.1

Description

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.

References (2)

Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://github.com/ImageMagick/ImageMagick/issues/907
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102317

Scores

CVSS v3 8.8
EPSS 0.0041
EPSS Percentile 61.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (1)
imagemagick/imagemagick 7.0.7-16
Published Dec 27, 2017
Tracked Since Feb 18, 2026