Fluid Attacks Database

Description

An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	graphicsmagick	>=0 <1.3.27-1	1.3.27-1
debian 12	graphicsmagick	>=0 <1.3.27-1	1.3.27-1
debian 14	graphicsmagick	>=0 <1.3.27-1	1.3.27-1
debian 13	graphicsmagick	>=0 <1.3.27-1	1.3.27-1
rpm rhel8	GraphicsMagick	-	-

Aliases

1. CVE-2017-182292. NVD-2017-182293. OSV-DEBIAN-2017-182294. OSV-2017-182295. SECURITY-TRACKER-CVE-2017-18229

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.