GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
References
Configurations
History
No history.
Information
Published : 2017-11-01 15:29
Updated : 2025-04-20 01:37
NVD link : CVE-2017-16352
Mitre link : CVE-2017-16352
CVE.ORG link : CVE-2017-16352
JSON object : View
Products Affected
debian
- debian_linux
graphicsmagick
- graphicsmagick
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer