CVE-2017-13134

Source
Severity: Medium
Remote: Yes
Type: Denial of service
Description
In ImageMagick 6.9.9.1, 7.0.6.7 and GraphicsMagick before 1.3.27, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-497 | imagemagick | 6.9.9.3-1 | 6.9.9.7-1 | Medium | Fixed | |
| AVG-355 | graphicsmagick | 1.3.26-3 | 1.3.27-1 | High | Fixed | |
| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 08 Jan 2018 | ASA-201801-7 | AVG-355 | graphicsmagick | High | multiple issues |
References
https://github.com/ImageMagick/ImageMagick/issues/670
https://github.com/ImageMagick/ImageMagick/commit/5304ae14655a67b9a3db00563fe44d9abd6de4f0
http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05