Vulnerability Details : CVE-2017-14650
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line.
Vulnerability category: Input validationExecute code
Exploit prediction scoring system (EPSS) score for CVE-2017-14650
Probability of exploitation activity in the next 30 days: 1.91%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-14650
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
|
8.1
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2017-14650
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-14650
-
https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
Fix RCE in _raw() via $index parameter. · horde/horde@eb3afd1 · GitHubExploit;Third Party Advisory
-
https://marc.info/?l=horde-announce&m=150600299528079&w=2
'[announce] [SECURITY] RCE vulnerability in Horde_Image' - MARCMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2017/09/21/4
oss-security - CVE request: code execution in Horde_Image 2.0.0 to 2.5.1Mailing List;Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4276
Debian -- Security Information -- DSA-4276-1 php-horde-image
Products affected by CVE-2017-14650
- cpe:2.3:a:horde:horde_image_api:2.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_image_api:2.3.4:*:*:*:*:*:*:*