Home

CVE-2017-11166

Description

The ReadXWDImage function in codersxwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.139

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Imagemagic (x64) 7.0.5Windows
Multiple Vulnerabilities are affected in Imagemagic 7.0.5Windows
Multiple Vulnerabilities are affected in ImageMagick 7.0.5Windows
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update autotrace-0.31.1-38.el7.i686.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update autotrace-0.31.1-38.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update autotrace-devel-0.31.1-38.el7.i686.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update autotrace-devel-0.31.1-38.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update inkscape-0.92.2-3.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update inkscape-docs-0.92.2-3.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update inkscape-view-0.92.2-3.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update ImageMagick-6.9.10.68-3.el7.i686.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update ImageMagick-6.9.10.68-3.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update ImageMagick-c++-6.9.10.68-3.el7.i686.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update ImageMagick-c++-devel-6.9.10.68-3.el7.i686.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update ImageMagick-c++-devel-6.9.10.68-3.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update ImageMagick-devel-6.9.10.68-3.el7.i686.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update ImageMagick-devel-6.9.10.68-3.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update ImageMagick-doc-6.9.10.68-3.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-24.3-23.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-common-24.3-23.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-el-24.3-23.el7.noarch.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-filesystem-24.3-23.el7.noarch.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-nox-24.3-23.el7.x86_64.rpmLinux
(RHSA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-terminal-24.3-23.el7.noarch.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update autotrace-0.31.1-38.el7.x86_64.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update autotrace-devel-0.31.1-38.el7.x86_64.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-24.3-23.el7.x86_64.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-common-24.3-23.el7.x86_64.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-el-24.3-23.el7.noarch.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-filesystem-24.3-23.el7.noarch.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-nox-24.3-23.el7.x86_64.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update emacs-terminal-24.3-23.el7.noarch.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update inkscape-0.92.2-3.el7.x86_64.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update inkscape-docs-0.92.2-3.el7.x86_64.rpmLinux
(CESA-2020:1180) ImageMagick security, bug fix, and enhancement update inkscape-view-0.92.2-3.el7.x86_64.rpmLinux
(RHSA-2020:1180)Moderate: security, bug fix, and enhancement update ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpmLinux
(RHSA-2020:1180)Moderate: security, bug fix, and enhancement update ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpmLinux
(RHSA-2020:1180)Moderate: security, bug fix, and enhancement update autotrace-debuginfo-0.31.1-38.el7.i686.rpmLinux
(RHSA-2020:1180)Moderate: security, bug fix, and enhancement update autotrace-debuginfo-0.31.1-38.el7.x86_64.rpmLinux
(RHSA-2020:1180)Moderate: security, bug fix, and enhancement update emacs-debuginfo-24.3-23.el7.x86_64.rpmLinux
(RHSA-2020:1180)Moderate: security, bug fix, and enhancement update inkscape-debuginfo-0.92.2-3.el7.x86_64.rpmLinux
ImageMagick update (ELSA-2020-1180) ImageMagick-6.9.10.68-3.el7.i686.rpmLinux
ImageMagick update (ELSA-2020-1180) ImageMagick-6.9.10.68-3.el7.x86_64.rpmLinux
ImageMagick-c++ update (ELSA-2020-1180) ImageMagick-c++-6.9.10.68-3.el7.i686.rpmLinux
ImageMagick-c++ update (ELSA-2020-1180) ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpmLinux
ImageMagick-perl update (ELSA-2020-1180) ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpmLinux
Emacs update (ELSA-2020-1180) emacs-24.3-23.el7.x86_64.rpmLinux
Emacs-common update (ELSA-2020-1180) emacs-common-24.3-23.el7.x86_64.rpmLinux
Emacs-filesystem update (ELSA-2020-1180) emacs-filesystem-24.3-23.el7.noarch.rpmLinux
Emacs-nox update (ELSA-2020-1180) emacs-nox-24.3-23.el7.x86_64.rpmLinux
Inkscape update (ELSA-2020-1180) inkscape-0.92.2-3.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234