CVE-2017-14997 - Integer Underflow (Wrap or Wraparound)

Severity

71%

Complexity

86%

Confidentiality

115%

GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

CVSS 3.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).

Demo Examples

Integer Underflow (Wrap or Wraparound)

CWE-191

The following example subtracts from a 32 bit signed integer.


               }return 0;

The example has an integer underflow. The value of i is already at the lowest negative value possible, so after subtracting 1, the new value of i is 2147483647.

Overview

First reported 7 years ago

2017-10-04 01:29:00

Last updated 5 years ago

2019-06-30 03:15:00

Affected Software

GraphicsMagick 1.3.26

1.3.26

Debian Linux 8.0 (Jessie)

8.0

Debian Linux 9.0

9.0

References

http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=0683f8724200

Issue Tracking, Patch, Vendor Advisory

101183

Third Party Advisory, VDB Entry

[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update

Mailing List, Third Party Advisory

FEDORA-2019-da4c20882c

FEDORA-2019-425a1aa7c9

https://sourceforge.net/p/graphicsmagick/bugs/511/

Issue Tracking, Patch, Third Party Advisory

https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/