CVE-2017-18272
Publication date 18 May 2018
Last updated 25 August 2025
Ubuntu priority
Description
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| imagemagick | 18.04 LTS bionic |
Not affected
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Severity score breakdown
CVSS version: CVSS v3.0
Base score
6.5 · Medium
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H