
CVE-2017-7275:
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause...

CVSS Score: 5.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.41051%
Published: 5/17/2022
Updated: 4/20/2025
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The analysis is primarily based on the vulnerability description and the stack trace provided in the linked GitHub issue #271, as attempts to fetch commit information were unsuccessful. The vulnerability description directly implicates 'ReadPCXImage' in 'coders/pcx.c'. The stack trace from the issue report confirms that 'ReadPCXImage' calls 'AcquireVirtualMemory' (and 'AcquireMagickMemory' is also in the stack), which then fails due to an attempt to allocate a very large amount of memory. Therefore, 'ReadPCXImage' is the function processing the malicious input and determining the size of the memory to be allocated, making it the core vulnerable function. 'AcquireVirtualMemory' and 'AcquireMagickMemory' are runtime indicators as they are directly involved in the crashing behavior triggered by the vulnerability in 'ReadPCXImage'.
