Fluid Attacks Database

Description

There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	graphicsmagick	=1.4+really1.3.36+hg16481-2 \|\| =1.4+really1.3.36+hg16481-2+deb11u1 \|\| =1.4+really1.3.37+hg16662-1 \|\| =1.4+really1.3.37+hg16670-1 \|\| =1.4+really1.3.37-1 \|\| =1.4+really1.3.38+hg16728-1 \|\| =1.4+really1.3.38+hg16739-1 \|\| =1.4+really1.3.38+hg16870-1 \|\| =1.4+really1.3.38-1 \|\| =1.4+really1.3.39-1 \|\| =1.4+really1.3.39-2 \|\| =1.4+really1.3.40-1 \|\| =1.4+really1.3.40-2 \|\| =1.4+really1.3.40-3 \|\| =1.4+really1.3.40-4 \|\| =1.4+really1.3.41-1 \|\| =1.4+really1.3.42-1 \|\| =1.4+really1.3.42-1.1 \|\| =1.4+really1.3.42-1.1~exp1 \|\| =1.4+really1.3.43-1 \|\| =1.4+really1.3.44-1 \|\| =1.4+really1.3.45+hg17689-1 \|\| =1.4+really1.3.45+hg17692-1 \|\| =1.4+really1.3.45+hg17696-1 \|\| =1.4+really1.3.45-1 \|\| =1.4+really1.3.46-1 \|\| =1.4+really1.3.46-2
debian 12	graphicsmagick	=1.4+really1.3.40-4 \|\| =1.4+really1.3.40-4+deb12u1 \|\| =1.4+really1.3.41-1 \|\| =1.4+really1.3.42-1 \|\| =1.4+really1.3.42-1.1 \|\| =1.4+really1.3.42-1.1~exp1 \|\| =1.4+really1.3.43-1 \|\| =1.4+really1.3.44-1 \|\| =1.4+really1.3.45+hg17689-1 \|\| =1.4+really1.3.45+hg17692-1 \|\| =1.4+really1.3.45+hg17696-1 \|\| =1.4+really1.3.45-1 \|\| =1.4+really1.3.46-1 \|\| =1.4+really1.3.46-2
debian 14	graphicsmagick	=1.4+really1.3.45+hg17696-1 \|\| =1.4+really1.3.46-1 \|\| =1.4+really1.3.46-2
debian 13	graphicsmagick	=1.4+really1.3.45+hg17696-1 \|\| =1.4+really1.3.46-1 \|\| =1.4+really1.3.46-2

Aliases

1. CVE-2017-137362. NVD-2017-137363. OSV-DEBIAN-2017-137364. OSV-2017-137365. SECURITY-TRACKER-CVE-2017-13736

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.