~ubuntu-security/ubuntu-cve-tracker/master

« back to all changes in this revision

Viewing changes to active/CVE-2017-10928

• browse files at revision 12852
• compare with another revision
• download diff
• download tarball
• view history from revision 12852

Show diffs side-by-side

added

removed

active/CVE-2017-10928

 

1

Candidate: CVE-2017-10928

 

2

PublicDate: 2017-07-05

 

3

References:

 

4

 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10928

 

5

 https://github.com/ImageMagick/ImageMagick/issues/539

 

6

Description:

 

7

 In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken

 

8

 function in token.c allows remote attackers to obtain sensitive information

 

9

 from process memory or possibly have unspecified other impact via a crafted

 

10

 SVG document that is mishandled in the GetUserSpaceCoordinateValue function

 

11

 in coders/svg.c.

 

12

Ubuntu-Description:

 

13

Notes:

 

14

Bugs:

 

15

Priority: medium

 

16

Discovered-by:

 

17

Assigned-to:

 

18

 

 

19

Patches_imagemagick:

 

20

upstream_imagemagick: needs-triage

 

21

precise/esm_imagemagick: DNE

 

22

trusty_imagemagick: needs-triage

 

23

vivid/ubuntu-core_imagemagick: DNE

 

24

xenial_imagemagick: needs-triage

 

25

yakkety_imagemagick: needs-triage

 

26

zesty_imagemagick: needs-triage

 

27

devel_imagemagick: needs-triage

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.1