← back
CVE-2017-14989

CVE-2017-14989

EPSS 1.5%
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/ImageMagick/ImageMagick/issues/781https://usn.ubuntu.com/3681-1/https://www.debian.org/security/2017/dsa-4032https://www.debian.org/security/2017/dsa-4040