CVE-2017-10794 - OpenCVE

When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Graphicsmagick	Graphicsmagick

Configuration 1 [-]

cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.25:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/99355
https://sourceforge.net/p/graphicsmagick/code/ci/a20bee0a0ad216aa11a2be3de63b60ca6bef4106/
https://usn.ubuntu.com/4206-1/
https://www.debian.org/security/2018/dsa-4321

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-02T22:00:00

Updated: 2024-08-05T17:50:11.637Z

Reserved: 2017-07-02T00:00:00

Link: CVE-2017-10794

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-07-02T22:29:00.183

Modified: 2018-10-18T10:29:02.607

Link: CVE-2017-10794

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-02T00:00:00", "descriptions": [{"lang": "en", "value": "When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-03T14:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://sourceforge.net/p/graphicsmagick/code/ci/a20bee0a0ad216aa11a2be3de63b60ca6bef4106/"}, {"name": "DSA-4321", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4321"}, {"name": "99355", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99355"}, {"name": "USN-4206-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4206-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10794", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sourceforge.net/p/graphicsmagick/code/ci/a20bee0a0ad216aa11a2be3de63b60ca6bef4106/", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/graphicsmagick/code/ci/a20bee0a0ad216aa11a2be3de63b60ca6bef4106/"}, {"name": "DSA-4321", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4321"}, {"name": "99355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99355"}, {"name": "USN-4206-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4206-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:50:11.637Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceforge.net/p/graphicsmagick/code/ci/a20bee0a0ad216aa11a2be3de63b60ca6bef4106/"}, {"name": "DSA-4321", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4321"}, {"name": "99355", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99355"}, {"name": "USN-4206-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4206-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10794", "datePublished": "2017-07-02T22:00:00", "dateReserved": "2017-07-02T00:00:00", "dateUpdated": "2024-08-05T17:50:11.637Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.25:*:*:*:*:*:*:*", "matchCriteriaId": "42C41978-F9EF-4C9A-9E52-2F1391BA684B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode."}, {"lang": "es", "value": "Cuando GraphicsMagick 1.3.25 procesa una imagen RGB TIFF (con metadatos que indican una \u00fanica muestra por p\u00edxel) en coders/tiff.c, ocurre un desbordamiento de b\u00fafer. Esto est\u00e1 relacionado con QuantumTransferMode."}], "id": "CVE-2017-10794", "lastModified": "2018-10-18T10:29:02.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-02T22:29:00.183", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99355"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://sourceforge.net/p/graphicsmagick/code/ci/a20bee0a0ad216aa11a2be3de63b60ca6bef4106/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4206-1/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4321"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}