CVE-2017-9261

Description

In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

How to fix CVE-2017-9261

To remediate CVE-2017-9261, upgrade the affected package to a fixed version below.

• Debian/imagemagick—upgrade to 8:6.9.7.4+dfsg-10 or later
• Debian/imagemagick—upgrade to 8:6.7.7.10-5+deb7u15 or later

Is CVE-2017-9261 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 8:6.9.7.4+dfsg-10
• from 0, < 8:6.7.7.10-5+deb7u15

CVSS scores

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2017-9261