CVE-2017-11139

Publication date 10 July 2017

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.

Read the notes from the security team

Status

Package Ubuntu Release Status

Notes

sbeattie

introduced by CVE-2017-11102 commit http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5

ebarretto

This issue doesn't affect trusty and xenial if we don't apply the above commit for CVE-2017-11102

Severity score breakdown

Parameter Value
Base score 9.8 · Critical
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H