CVE-2017-11642 - GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c

CVE-2017-11642

Summary

GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.

References

http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
http://www.securityfocus.com/bid/100395
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
https://usn.ubuntu.com/4222-1/
https://www.debian.org/security/2018/dsa-4321

Vulnerable Configurations

cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*
cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 18-10-2018 - 10:29)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	100395
confirm	http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
debian	DSA-4321
fedora	FEDORA-2019-425a1aa7c9 FEDORA-2019-da4c20882c
mlist	[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update
ubuntu	USN-4222-1

Last major update

18-10-2018 - 10:29

Published

26-07-2017 - 08:29

Last modified

18-10-2018 - 10:29