CVE-2017-11724

high-risk

Published 2017-07-29

The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.

Do I need to act?

0.46% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Imagemagick

Affected Vendors

Imagemagick

References (6)

http://www.securityfocus.com/bid/104597

Third Party Advisory https://github.com/ImageMagick/ImageMagick/issues/624

https://security.gentoo.org/glsa/201711-07

http://www.securityfocus.com/bid/104597

Third Party Advisory https://github.com/ImageMagick/ImageMagick/issues/624

https://security.gentoo.org/glsa/201711-07

/ 100

high-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 26/34 · High