Intrusion Prevention

GraphicsMagick.ReadMNGImage.Function.Use.After.Free

Description

This indicates an attack attempt against a Memory Corruption vulnerability in GraphicsMagick.
The vulnerability is caused by an error when ReadMNGImage function handles a malformed PNG file. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted PNG file.

Affected Products

GraphicsMagick 1.3.26

Impact

System Compromise: Remote attacker can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site.
http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37

CVE References

CVE-2017-11403