{"id":"CVE-2017-13142","details":"In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.","modified":"2026-07-08T12:44:30.871579Z","published":"2017-08-23T06:29:00.307Z","related":["SUSE-SU-2018:0349-1","SUSE-SU-2018:0350-1","SUSE-SU-2018:0413-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","cpes":["cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*"],"vendor_product":"imagemagick:imagemagick","extracted_events":[{"introduced":"7.0.0-0"},{"last_affected":"7.0.0-0"},{"introduced":"7.0.0-0"},{"last_affected":"7.0.0-0"},{"introduced":"7.0.1-0"},{"last_affected":"7.0.1-0"}]}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"},{"type":"WEB","url":"https://usn.ubuntu.com/3681-1/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201711-07"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4019"},{"type":"FIX","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870105"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"e46b7d19de7914881986ef939f690facc7a0198d"},{"last_affected":"9caa8b0c4269163def2ce0fa6ff1754ec0c234d2"},{"fixed":"46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3"},{"fixed":"aa84944b405acebbeefe871d0f64969b9e9f31ac"}],"database_specific":{"source":["CPE_STRING","REFERENCES"],"cpe":["cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.5-1:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.5-2:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.5-3:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.5-4:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.5-5:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.5-6:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.5-7:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.5-8:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.5-10:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.6-0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.0.1-0"},{"last_affected":"7.0.1-0"},{"introduced":"7.0.1-1"},{"last_affected":"7.0.1-1"},{"introduced":"7.0.1-2"},{"last_affected":"7.0.1-2"},{"introduced":"7.0.1-3"},{"last_affected":"7.0.1-3"},{"introduced":"7.0.1-4"},{"last_affected":"7.0.1-4"},{"introduced":"7.0.1-5"},{"last_affected":"7.0.1-5"},{"introduced":"7.0.1-6"},{"last_affected":"7.0.1-6"},{"introduced":"7.0.1-7"},{"last_affected":"7.0.1-7"},{"introduced":"7.0.1-8"},{"last_affected":"7.0.1-8"},{"introduced":"7.0.1-9"},{"last_affected":"7.0.1-9"},{"introduced":"7.0.1-10"},{"last_affected":"7.0.1-10"},{"introduced":"7.0.2-0"},{"last_affected":"7.0.2-0"},{"introduced":"7.0.2-1"},{"last_affected":"7.0.2-1"},{"introduced":"7.0.2-2"},{"last_affected":"7.0.2-2"},{"introduced":"7.0.2-3"},{"last_affected":"7.0.2-3"},{"introduced":"7.0.2-4"},{"last_affected":"7.0.2-4"},{"introduced":"7.0.2-5"},{"last_affected":"7.0.2-5"},{"introduced":"7.0.2-6"},{"last_affected":"7.0.2-6"},{"introduced":"7.0.2-7"},{"last_affected":"7.0.2-7"},{"introduced":"7.0.2-8"},{"last_affected":"7.0.2-8"},{"introduced":"7.0.2-9"},{"last_affected":"7.0.2-9"},{"introduced":"7.0.2-10"},{"last_affected":"7.0.2-10"},{"introduced":"7.0.3-0"},{"last_affected":"7.0.3-0"},{"introduced":"7.0.3-1"},{"last_affected":"7.0.3-1"},{"introduced":"7.0.3-2"},{"last_affected":"7.0.3-2"},{"introduced":"7.0.3-3"},{"last_affected":"7.0.3-3"},{"introduced":"7.0.3-4"},{"last_affected":"7.0.3-4"},{"introduced":"7.0.3-5"},{"last_affected":"7.0.3-5"},{"introduced":"7.0.3-6"},{"last_affected":"7.0.3-6"},{"introduced":"7.0.3-7"},{"last_affected":"7.0.3-7"},{"introduced":"7.0.3-8"},{"last_affected":"7.0.3-8"},{"introduced":"7.0.3-9"},{"last_affected":"7.0.3-9"},{"introduced":"7.0.3-10"},{"last_affected":"7.0.3-10"},{"introduced":"7.0.4-0"},{"last_affected":"7.0.4-0"},{"introduced":"7.0.4-1"},{"last_affected":"7.0.4-1"},{"introduced":"7.0.4-2"},{"last_affected":"7.0.4-2"},{"introduced":"7.0.4-3"},{"last_affected":"7.0.4-3"},{"introduced":"7.0.4-4"},{"last_affected":"7.0.4-4"},{"introduced":"7.0.4-5"},{"last_affected":"7.0.4-5"},{"introduced":"7.0.4-6"},{"last_affected":"7.0.4-6"},{"introduced":"7.0.4-7"},{"last_affected":"7.0.4-7"},{"introduced":"7.0.4-8"},{"last_affected":"7.0.4-8"},{"introduced":"7.0.4-9"},{"last_affected":"7.0.4-9"},{"introduced":"7.0.4-10"},{"last_affected":"7.0.4-10"},{"introduced":"7.0.5-0"},{"last_affected":"7.0.5-0"},{"introduced":"7.0.5-1"},{"last_affected":"7.0.5-1"},{"introduced":"7.0.5-2"},{"last_affected":"7.0.5-2"},{"introduced":"7.0.5-3"},{"last_affected":"7.0.5-3"},{"introduced":"7.0.5-4"},{"last_affected":"7.0.5-4"},{"introduced":"7.0.5-5"},{"last_affected":"7.0.5-5"},{"introduced":"7.0.5-6"},{"last_affected":"7.0.5-6"},{"introduced":"7.0.5-7"},{"last_affected":"7.0.5-7"},{"introduced":"7.0.5-8"},{"last_affected":"7.0.5-8"},{"introduced":"7.0.5-10"},{"last_affected":"7.0.5-10"},{"introduced":"7.0.6-0"},{"last_affected":"7.0.6-0"}]}}],"versions":["7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-10","7.0.2-2","7.0.2-3","7.0.2-4","7.0.2-5","7.0.2-6","7.0.2-7","7.0.2-8","7.0.2-9","7.0.3-0","7.0.3-1","7.0.3-10","7.0.3-2","7.0.3-3","7.0.3-4","7.0.3-5","7.0.3-6","7.0.3-7","7.0.3-8","7.0.3-9","7.0.4-0","7.0.4-1","7.0.4-10","7.0.4-2","7.0.4-3","7.0.4-4","7.0.4-5","7.0.4-6","7.0.4-7","7.0.4-8","7.0.4-9","7.0.5-0","7.0.5-1","7.0.5-10","7.0.5-2","7.0.5-3","7.0.5-4","7.0.5-5","7.0.5-6","7.0.5-7","7.0.5-8","7.0.6-0","7.0.5-9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13142.json","vanir_signatures_modified":"2026-07-08T12:44:30Z","vanir_signatures":[{"source":"https://github.com/imagemagick/imagemagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac","digest":{"function_hash":"13362347524342574384703566397225583800","length":1780},"signature_version":"v1","deprecated":false,"id":"CVE-2017-13142-19b52e47","target":{"function":"ReadJNGImage","file":"coders/png.c"},"signature_type":"Function"},{"source":"https://github.com/imagemagick/imagemagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac","digest":{"threshold":0.9,"line_hashes":["326455609614866216940399476301549101549","338851730033346989660434756888564546153","44294244353091790537575886470667833785","87918053458789940417427346190879973218","206626609952949880988900363433539476092","94316465618056777476068442927907929918","336280751748461001034724222194573890329","13177914361786081372019547463312677513","281776593149918802769634087651493180732","31206271938955338109084416140681765772","143527741848806246441078432509189604832","75352460657413525463325341840953390484","169177708921285482016019561524981098429","307766291800298046098288038094017243089","143527741848806246441078432509189604832","75352460657413525463325341840953390484","19129643977660818524009288121207423250","326507896281541959498116083068804831307","143527741848806246441078432509189604832","75352460657413525463325341840953390484","28939437120756539382551927478592430687","227357390326523695636950810791924363103","143527741848806246441078432509189604832","75352460657413525463325341840953390484","68932679923570968636578141130124287885","161102974961491600439550351012086307366","143527741848806246441078432509189604832","75352460657413525463325341840953390484","310918440111508541374788640043860926624","2751514919007922447653913115756251173","143527741848806246441078432509189604832","75352460657413525463325341840953390484","235405393893807743334293318543131679754","226496798902684702410392987469587660142","143527741848806246441078432509189604832","75352460657413525463325341840953390484","19129643977660818524009288121207423250","148167523877645622947011208907551155149","288193433879498239135985394746808646721","252888731537555377260870805708742356976","335182501040967392748415650463539994004","71463701511315571789231263030200694586"]},"signature_version":"v1","deprecated":false,"id":"CVE-2017-13142-37adb5af","target":{"file":"coders/png.c"},"signature_type":"Line"},{"source":"https://github.com/imagemagick/imagemagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3","digest":{"function_hash":"48252386081850201196127466629274954997","length":13778},"signature_version":"v1","deprecated":false,"id":"CVE-2017-13142-53d48158","target":{"function":"ReadOneJNGImage","file":"coders/png.c"},"signature_type":"Function"},{"source":"https://github.com/imagemagick/imagemagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac","digest":{"function_hash":"304589208402044349893746777234291186036","length":2975},"signature_version":"v1","deprecated":false,"id":"CVE-2017-13142-55110b63","target":{"function":"ReadPNGImage","file":"coders/png.c"},"signature_type":"Function"},{"source":"https://github.com/imagemagick/imagemagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3","digest":{"function_hash":"39950147133060621481976959969344460986","length":44799},"signature_version":"v1","deprecated":false,"id":"CVE-2017-13142-735c5607","target":{"function":"ReadOneMNGImage","file":"coders/png.c"},"signature_type":"Function"},{"source":"https://github.com/imagemagick/imagemagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac","digest":{"function_hash":"156256479764466560784844995638608769021","length":5237},"signature_version":"v1","deprecated":false,"id":"CVE-2017-13142-a3eb0bc0","target":{"function":"RegisterPNGImage","file":"coders/png.c"},"signature_type":"Function"},{"source":"https://github.com/imagemagick/imagemagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3","digest":{"threshold":0.9,"line_hashes":["309571721015615486280371720082855428490","204207590968782268948368537037891243267","83659384441276588822447506636471393683","288115673239882816567027482483297148855","309571721015615486280371720082855428490","204207590968782268948368537037891243267","83659384441276588822447506636471393683","288115673239882816567027482483297148855"]},"signature_version":"v1","deprecated":false,"id":"CVE-2017-13142-b61d267c","target":{"file":"coders/png.c"},"signature_type":"Line"}]}},{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"19858ec47b7aa6890efbaa1a1d40fde51afb8db3"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"6.9.9-0"}]}}],"versions":["6.9.9-0","6.9.8-10","6.9.8-9","6.9.8-8","6.9.8-7","6.9.8-6","6.9.8-5","6.9.8-4","6.9.8-3","6.9.8-2","6.9.8-1","6.9.8-0","6.9.7-10","6.9.7-9","6.9.7-8","6.9.7-7","6.9.7-6","6.9.7-5","6.9.7-4","6.9.7-3","6.9.7-2","6.9.7-1","6.9.7-0","6.9.6-8","6.9.6-7","6.9.6-6","6.9.6-5","6.9.6-4","6.9.6-3","6.9.6-2","6.9.6-1","6.9.6-0","6.9.5-10","6.9.5-9","6.9.5-8","6.9.5-7","6.9.5-6","6.9.5-5","6.9.5-4","6.9.5-3","6.9.5-2","6.9.5-1","6.9.5-0","6.9.4-10","6.9.4-9","6.9.4-8","6.9.4-7","6.9.4-6","6.9.4-5","6.9.4-4","6.9.4-3","6.9.4-2","6.9.4-1","6.9.4-0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13142.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}