Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-14650

A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line.

Published

2017-09-21T17:29:00.590

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	horde	horde_image_api	2.0.0	Yes
Application	horde	horde_image_api	2.0.0	Yes
Application	horde	horde_image_api	2.0.0	Yes
Application	horde	horde_image_api	2.0.0	Yes
Application	horde	horde_image_api	2.0.1	Yes
Application	horde	horde_image_api	2.0.2	Yes
Application	horde	horde_image_api	2.0.3	Yes
Application	horde	horde_image_api	2.0.4	Yes
Application	horde	horde_image_api	2.0.5	Yes
Application	horde	horde_image_api	2.0.6	Yes
Application	horde	horde_image_api	2.0.7	Yes
Application	horde	horde_image_api	2.0.8	Yes
Application	horde	horde_image_api	2.0.9	Yes
Application	horde	horde_image_api	2.1.0	Yes
Application	horde	horde_image_api	2.2.0	Yes
Application	horde	horde_image_api	2.3.0	Yes
Application	horde	horde_image_api	2.3.1	Yes
Application	horde	horde_image_api	2.3.2	Yes
Application	horde	horde_image_api	2.3.3	Yes
Application	horde	horde_image_api	2.3.4	Yes
Application	horde	horde_image_api	2.3.5	Yes
Application	horde	horde_image_api	2.3.6	Yes
Application	horde	horde_image_api	2.4.0	Yes
Application	horde	horde_image_api	2.4.1	Yes
Application	horde	horde_image_api	2.5.0	Yes
Application	horde	horde_image_api	2.5.1	Yes

References

http://www.openwall.com/lists/oss-security/2017/09/21/4 Mailing List, Third Party Advisory ([email protected])
https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b Exploit, Third Party Advisory ([email protected])
https://marc.info/?l=horde-announce&m=150600299528079&w=2 Mailing List, Third Party Advisory ([email protected])
https://www.debian.org/security/2018/dsa-4276 ([email protected])
http://www.openwall.com/lists/oss-security/2017/09/21/4 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://marc.info/?l=horde-announce&m=150600299528079&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4276 (af854a3a-2127-422b-91ae-364da2661108)