Heap-based Buffer Overflow in GraphicsMagick 1.3.26's DescribeImage() Function

Heap-based Buffer Overflow in GraphicsMagick 1.3.26's DescribeImage() Function

CVE-2017-16352 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.

Learn more about our Web Application Penetration Testing UK.