VYPR
← All advisories
Medium severity6.5NVD Advisory· Published Dec 11, 2017· Updated May 13, 2026

CVE-2017-17504

CVE-2017-17504

Description

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

Affected products

8
  • ImageMagick/Imagemagick
    cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
    Range: <6.9.9-24
  • Canonical/Ubuntu Linux4 versions
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • Debian/Debian Linux3 versions
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.