Main Vulnerability Database SB2017071004

SB2017071004 - Double Free in GraphicsMagick

Published: July 10, 2017 Updated: August 3, 2020

Security Bulletin ID SB2017071004

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Description

This security bulletin contains information about 1 security vulnerability.

1) Double Free (CVE-ID: CVE-2017-11139)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.

Install update from vendor's website.