Vulnerability Name: | CVE-2017-14650 (CCN-132439)
Assigned: | 2017-09-21
Published: | 2017-09-21
Updated: | 2018-08-18
Summary: | A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend, which utilizes ImageMagick's "convert" utility. It is not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1 and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line.
CVSS v3 Severity: | 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
| 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-20
Vulnerability Consequences: | Gain Access
References: |
| Source: MITRE; Type: CNA; CVE-2017-14650
| Source: CCN; Type: oss-sec Mailing List, Thu, 21 Sep 2017 16:50:07 +0200; CVE request: code execution in Horde_Image 2.0.0 to 2.5.1
| Source: MISC; Type: Mailing List, Third Party Advisory; http://www.openwall.com/lists/oss-security/2017/09/21/4
| Source: XF; Type: UNKNOWN; hordeimage-cge201714650-code-exec(132439)
| Source: CCN; Type: horde GIT Repository; Fix RCE in _raw() via $index parameter.
| Source: MISC; Type: Exploit, Third Party Advisory; https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
| Source: MISC; Type: Mailing List, Third Party Advisory; https://marc.info/?l=horde-announce&m=150600299528079&w=2
| Source: DEBIAN; Type: UNKNOWN; DSA-4276
Vulnerable Configuration: | Configuration 1 (configuration details were an image and are not recoverable)