{"id":"CVE-2017-16546","details":"The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.","modified":"2026-05-15T04:00:48.136478214Z","published":"2017-11-05T22:29:00.230Z","related":["SUSE-SU-2017:3378-1","SUSE-SU-2017:3388-1","SUSE-SU-2017:3435-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"14.04"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"extracted_events":[{"last_affected":"16.04"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"extracted_events":[{"last_affected":"17.10"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"18.04"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3681-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4040"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4074"},{"type":"REPORT","url":"https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/issues/851"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}