CVE-2017-14314: Medium severity GraphicsMagick Graphicsmagick vulnerability
Published Sep 12, 2017
·Updated
Last updated 25 August 2025
Other sources
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
— Launchpad
Affected Software
4 affected componentsFixes available
GraphicsMagick Graphicsmagick=1.3.26
Debian Debian Linux=8.0
Debian Debian Linux=9.0
debian/graphicsmagick
1.4+really1.3.36+hg16481-2+deb11u11.4+really1.3.40-4+deb12u11.4+really1.3.45+hg17696-11.4+really1.3.46-2
Remediation
Patch Available
Patch Available
Event History
Sep 12, 2017
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Jan 11, 2024
Data Sourced
via Launchpad·10:28 PM
Description
Feb 19, 2026
Data Sourced
via Ubuntu·08:56 PM
RemedyDescriptionSeverityAffected Software
Data Sourced
via Debian·08:56 PM
DescriptionAffected Software
Frequently Asked Questions
1
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2017-14314.
2
What is the severity of CVE-2017-14314?
The severity of CVE-2017-14314 is medium with a CVSS score of 6.5.
3
How does CVE-2017-14314 affect GraphicsMagick?
CVE-2017-14314 affects GraphicsMagick version 1.3.26.
4
How can remote attackers exploit CVE-2017-14314?
Remote attackers can exploit CVE-2017-14314 by causing a denial of service (DoS) and application crash through a crafted file.
5
Is there a fix available for CVE-2017-14314?
Yes, a fix is available for CVE-2017-14314. Please refer to the provided references for more information.