Vulnerability Details : CVE-2017-12434
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2017-12434
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 38 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-12434
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
|
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2017-12434
-
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-12434
-
https://www.debian.org/security/2017/dsa-4019
Debian -- Security Information -- DSA-4019-1 imagemagick
-
https://github.com/ImageMagick/ImageMagick/issues/547
assertion failed in DestroyImageInfo · Issue #547 · ImageMagick/ImageMagick · GitHubIssue Tracking;Patch;Third Party Advisory
Products affected by CVE-2017-12434
- cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*