Test ID:	1.3.6.1.4.1.25623.1.0.113136
Category:	Denial of Service
Title:	GraphicsMagick 1.3.26 Multiple DoS Vulnerabilities - Linux
Summary:	GraphicsMagick is prone to multiple Denial of Service vulnerabilities, exploitable via specially crafted files.
Description:	Summary: GraphicsMagick is prone to multiple Denial of Service vulnerabilities, exploitable via specially crafted files. Vulnerability Insight: The following vulnerabilities exist: An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. Vulnerability Impact: Successful exploitation would allow an attacker to crash GraphicsMagick. Affected Software/OS: GraphicsMagick through version 1.3.26. Solution: Update to version 1.3.27 or above. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-18229 Debian Security Information: DSA-4321 (Google Search) https://www.debian.org/security/2018/dsa-4321 https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://usn.ubuntu.com/4266-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-18230 Common Vulnerability Exposure (CVE) ID: CVE-2017-18231
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.