CVE-2017-11540

Published: 7/23/2017 Last updated: 8/5/2024 Reserved: 7/22/2017

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (1)

Product	Vendor	Version
n/a	n/a	2.5.0.4-R7 and earlier versions

References (4)

https://github.com/ImageMagick/ImageMagick/issues/581
http://www.securityfocus.com/bid/99929
https://github.com/ImageMagick/ImageMagick/issues/581
http://www.securityfocus.com/bid/99929