CVE-2017-16353
CVE-2017-16353
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/43111/unverifiedexploitdbwww.exploit-db.com/exploits/43111unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txthttp://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=e4e1c2a581d8https://blogs.securiteam.com/index.php/archives/3494https://lists.debian.org/debian-lts-announce/2017/11/msg00002.htmlhttps://lists.debian.org/debian-lts-announce/2018/06/msg00009.htmlhttps://usn.ubuntu.com/4232-1/https://www.debian.org/security/2018/dsa-4321https://www.exploit-db.com/exploits/43111/http://www.securityfocus.com/bid/101653