CVE-2017-18211

high-risk
Published 2018-03-01

In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.

Do I need to act?

-
0.56% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Imagemagick Canonical

References (8)

Third Party Advisory http://www.securityfocus.com/bid/103220
Patch https://github.com/ImageMagick/ImageMagick/issues/792
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
Third Party Advisory https://usn.ubuntu.com/3681-1/
Third Party Advisory http://www.securityfocus.com/bid/103220
Patch https://github.com/ImageMagick/ImageMagick/issues/792
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
Third Party Advisory https://usn.ubuntu.com/3681-1/
56
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 22/34 · High