Alpine: multiple graphicsmagick packages: security update to 1.3.26-r2

high Tenable Cloud Security Plugin ID 404814

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. (CVE-2017-12937)

- GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when
processing a non-colormapped image, a different vulnerability than CVE-2017-11638. (CVE-2017-11642)

- The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a
denial of service (out-of-bounds read and application crash) via a crafted file, because the program's
actual control flow was inconsistent with its indentation. This resulted in a logging statement executing
outside of a loop, and consequently using an invalid array index corresponding to the loop's exit
condition. (CVE-2017-11722)

- The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to
an invalid memory read in the SetImageColorCallBack function in magick/image.c. (CVE-2017-12935)

- The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data
associated with exception reporting. (CVE-2017-12936)

See Also

https://security.alpinelinux.org/vuln/CVE-2017-11642

https://security.alpinelinux.org/vuln/CVE-2017-11722

https://security.alpinelinux.org/vuln/CVE-2017-12935

https://security.alpinelinux.org/vuln/CVE-2017-12936

https://security.alpinelinux.org/vuln/CVE-2017-12937

https://security.alpinelinux.org/vuln/CVE-2017-13063

https://security.alpinelinux.org/vuln/CVE-2017-13064

Plugin Details

Severity: High

ID: 404814

Version: Revision 1.26

Type: Local

Published: 10/31/2023

Updated: 12/4/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-12937

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/22/2017

Reference Information

CVE: CVE-2017-11642, CVE-2017-11722, CVE-2017-12935, CVE-2017-12936, CVE-2017-12937, CVE-2017-13063, CVE-2017-13064

BID: 100288, 100395, 100413, 100442, 100474, 100603