Vulnerability Name: CVE-2017-11637 (CCN-129529)

Assigned: 2017-07-22
Published: 2017-07-22
Updated: 2018-10-18
Summary: GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.

CVSS v3 Severity:
  • 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): High
      Availability (A): High
  • 3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
  • 2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Local
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): Required
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): Low

CVSS v2 Severity:
  • 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): Partial
      Availability (A): Partial
  • 1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
    Exploitability Metrics:
      Access Vector (AV): Local
      Access Complexity (AC): Low
      Authentication (Au): Single_Instance
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): Partial

Vulnerability Type: CWE-476
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2017-11637

Source: CCN
Type: graphicsmagick Web page
PCL: Fix null pointer dereference in writing monochrome images

Source: CONFIRM
Type: Third Party Advisory
http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257

Source: XF
Type: UNKNOWN
graphicsmagick-cve201711637-dos(129529)

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update

Source: UBUNTU
Type: UNKNOWN
USN-4206-1

Source: DEBIAN
Type: UNKNOWN
DSA-4321

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-11637

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*

* Denotes that component is vulnerable
OVAL Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:201711637 | V | CVE-2017-11637 | 2022-05-22 |
| oval:org.opensuse.security:def:34678 | P | Security update for libsndfile (Important) | 2022-01-05 |
| oval:org.opensuse.security:def:29492 | P | Security update for java-1_7_1-ibm (Moderate) (in QA) | 2022-01-04 |
| oval:org.opensuse.security:def:29464 | P | Security update for chrony (Moderate) | 2021-12-22 |
| oval:org.opensuse.security:def:34595 | P | Security update for postgresql10 (Important) | 2021-11-22 |
| oval:org.opensuse.security:def:31706 | P | Security update for postgresql96 (Important) | 2021-11-22 |
| oval:org.opensuse.security:def:30267 | P | Security update for MozillaFirefox (Important) | 2021-11-17 |
| oval:org.opensuse.security:def:33996 | P | Security update for pcre (Moderate) | 2021-11-10 |
| oval:org.opensuse.security:def:30256 | P | Security update for xen (Moderate) | 2021-10-07 |
| oval:org.opensuse.security:def:30255 | P | Security update for apache2 (Important) | 2021-10-06 |
| oval:org.opensuse.security:def:33972 | P | Security update for openssl-1_1 (Low) | 2021-09-09 |
| oval:org.opensuse.security:def:29406 | P | Security update for cpio (Important) | 2021-08-14 |
| oval:org.opensuse.security:def:34497 | P | Security update for java-11-openjdk (Important) | 2021-08-05 |
| oval:org.opensuse.security:def:33933 | P | Security update for apache2 (Important) | 2021-06-17 |
| oval:org.opensuse.security:def:33670 | P | Security update for qemu (Important) | 2021-06-10 |
| oval:org.opensuse.security:def:32064 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important) | 2021-04-07 |
| oval:org.opensuse.security:def:32272 | P | Security update for python (Moderate) | 2021-03-16 |
| oval:org.opensuse.security:def:34652 | P | Security update for git (Important) | 2021-03-09 |
| oval:org.opensuse.security:def:34040 | P | Security update for git (Important) | 2021-03-09 |
| oval:org.opensuse.security:def:31744 | P | Security update for MozillaFirefox (Important) | 2021-01-12 |
| oval:org.opensuse.security:def:32138 | P | Security update for openssh (Moderate) | 2021-01-05 |
| oval:org.opensuse.security:def:33884 | P | Security update for xen (Moderate) | 2020-12-22 |
| oval:org.opensuse.security:def:32831 | P | Security update for curl (Moderate) | 2020-12-14 |
| oval:org.opensuse.security:def:35755 | P | libneon27-0.29.6-6.7.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:35796 | P | opie-2.4-662.18.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:29947 | P | Security update for gdm (Important) | 2020-12-03 |
| oval:org.opensuse.security:def:29195 | P | Security update for openldap2 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:29841 | P | Security update for Linux kernel | 2020-12-01 |
| oval:org.opensuse.security:def:29991 | P | Security update for libtasn1 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:30473 | P | Security update for bind (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:30861 | P | Security update for ecryptfs-utils (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31024 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32509 | P | fetchmail on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:32809 | P | xorg-x11-Xvnc on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:33552 | P | Security update for ImageMagick (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:33216 | P | openCryptoki on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:33582 | P | Security update for MozillaFirefox (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:34266 | P | Security update for ppp (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:34959 | P | Security update for freeradius-server (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:35117 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26492 | P | Security update for icingaweb2 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26776 | P | libzip1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27121 | P | fastjar on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27267 | P | perl-spamassassin on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26516 | P | NetworkManager on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26720 | P | java-1_4_2-ibm on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27093 | P | boost-license on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27248 | P | nfs-client on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:28118 | P | Security update for gnutls (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:28473 | P | Security update for xorg-x11-server (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:28766 | P | Security update for libsndfile | 2020-12-01 |
| oval:org.opensuse.security:def:29500 | P | Security update for ImageMagick (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:29206 | P | Security update for openssl (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:29549 | P | Security update for MozillaFirefox (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:29890 | P | Security update for kernel-source (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:30629 | P | Security update for Xen | 2020-12-01 |
| oval:org.opensuse.security:def:30562 | P | Security update for pcp | 2020-12-01 |
| oval:org.opensuse.security:def:30916 | P | Security update for gcc48 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31068 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32052 | P | Security update for kvm (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32665 | P | freetype2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:33295 | P | xorg-x11-libXext-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:34718 | P | Security update for ImageMagick (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:34277 | P | Security update for python (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:35008 | P | Security update for gnutls (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26503 | P | Security update for chromium (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26833 | P | tgt on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27170 | P | libMagickCore1-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27905 | P | Security update for xen (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26517 | P | NetworkManager-gnome on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26801 | P | pcsc-ccid on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27146 | P | hplip on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27292 | P | squid on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:28042 | P | Security update for curl (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:28248 | P | Security update for libxml2 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:28625 | P | Security update for Image Magick | 2020-12-01 |
| oval:org.opensuse.security:def:28782 | P | Security update for lxc | 2020-12-01 |
| oval:org.opensuse.security:def:29275 | P | Security update for xen (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:29634 | P | Security update for clamav (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:29929 | P | Security update for libgcrypt (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:30666 | P | Security update for ImageMagick (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:30619 | P | Security update for wireshark | 2020-12-01 |
| oval:org.opensuse.security:def:30965 | P | Security update for grub2 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32053 | P | Security update for kvm (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32365 | P | Security update for supportutils (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:32721 | P | libnewt0_52 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:32875 | P | gstreamer-0_10-plugins-base on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:33204 | P | man on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:33430 | P | Security update for cron | 2020-12-01 |
| oval:org.opensuse.security:def:33827 | P | Security update for gnome-session (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:34361 | P | Security update for tar (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:34742 | P | Security update for Mesa (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:35047 | P | Security update for jasper (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26567 | P | java-1_4_2-ibm on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26917 | P | hyper-v on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27209 | P | libproxy0 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27940 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26528 | P | bzip2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26858 | P | aaa_base on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27195 | P | libmpfr1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27930 | P | Security update for GraphicsMagick (Low) | 2020-12-01 |
| oval:org.opensuse.security:def:28043 | P | Security update for curl (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:28332 | P | Security update for php53 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:28678 | P | Security update for MozillaFirefox, mozilla-nss (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:28826 | P | Security update for rsync (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:29194 | P | Security update for openldap2 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:29787 | P | Security update for graphviz (Low) | 2020-12-01 |
| oval:org.opensuse.security:def:30341 | P | Security update for unzip | 2020-12-01 |
| oval:org.opensuse.security:def:30706 | P | Security update for MozillaFirefox (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:31004 | P | Security update for java-1_6_0-ibm (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32422 | P | Security update for wireshark (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:32770 | P | perl-Tk on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:33513 | P | Security update for perl-HTML-Parser | 2020-12-01 |
| oval:org.opensuse.security:def:33205 | P | mipv6d on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:33525 | P | Security update for tgt | 2020-12-01 |
| oval:org.opensuse.security:def:34265 | P | Security update for ppp (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:34901 | P | Security update for dhcp (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:35073 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26491 | P | Security update for nextcloud (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26695 | P | fetchmail on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27068 | P | Mesa-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27223 | P | libtspi1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26592 | P | libneon27 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26942 | P | libarchive2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27234 | P | logwatch on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27965 | P | Security update for ImageMagick (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:28054 | P | Security update for cyrus-imapd (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:28389 | P | Security update for samba (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:28727 | P | Security update for krb5 (Important) | 2020-12-01 |
| oval:com.ubuntu.bionic:def:2017116370000000 | V | CVE-2017-11637 on Ubuntu 18.04 LTS (bionic) - medium. | 2017-07-26 |
| oval:com.ubuntu.artful:def:201711637000 | V | CVE-2017-11637 on Ubuntu 17.10 (artful) - medium. | 2017-07-26 |
| oval:com.ubuntu.xenial:def:201711637000 | V | CVE-2017-11637 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-07-26 |
| oval:com.ubuntu.xenial:def:2017116370000000 | V | CVE-2017-11637 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-07-26 |
| oval:com.ubuntu.bionic:def:201711637000 | V | CVE-2017-11637 on Ubuntu 18.04 LTS (bionic) - medium. | 2017-07-26 |
| oval:com.ubuntu.disco:def:2017116370000000 | V | CVE-2017-11637 on Ubuntu 19.04 (disco) - medium. | 2017-07-26 |
| oval:com.ubuntu.cosmic:def:201711637000 | V | CVE-2017-11637 on Ubuntu 18.10 (cosmic) - medium. | 2017-07-26 |
| oval:com.ubuntu.cosmic:def:2017116370000000 | V | CVE-2017-11637 on Ubuntu 18.10 (cosmic) - medium. | 2017-07-26 |
| oval:com.ubuntu.trusty:def:201711637000 | V | CVE-2017-11637 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-07-26 |
    graphicsmagick graphicsmagick 1.3.26