{"id":"CVE-2017-5506","details":"Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.","modified":"2026-04-11T04:14:35.874489Z","published":"2017-03-24T15:59:00.967Z","related":["CGA-qx23-r4wx-fppj","MGASA-2018-0229","SUSE-SU-2017:0529-1","SUSE-SU-2017:0586-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201702-09"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3799"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95753"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/issues/354"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/16/6"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/17/5"},{"type":"FIX","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851383"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/9a069e0f2e027ec5138f998023cf9cb62c04889f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"9a069e0f2e027ec5138f998023cf9cb62c04889f"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"9a069e0f2e027ec5138f998023cf9cb62c04889f"}]}],"versions":["7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-10","7.0.2-2","7.0.2-3","7.0.2-4","7.0.2-5","7.0.2-6","7.0.2-7","7.0.2-8","7.0.2-9","7.0.3-0","7.0.3-1","7.0.3-10","7.0.3-2","7.0.3-3","7.0.3-4","7.0.3-5","7.0.3-6","7.0.3-7","7.0.3-8","7.0.3-9","7.0.4-0","7.0.4-1","7.0.4-2","7.0.4-3"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/imagemagick/imagemagick/commit/9a069e0f2e027ec5138f998023cf9cb62c04889f","signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"length":3591,"function_hash":"308965680371439339941262921478863726459"},"id":"CVE-2017-5506-d0ba562c","target":{"function":"SyncExifProfile","file":"MagickCore/profile.c"}},{"source":"https://github.com/imagemagick/imagemagick/commit/9a069e0f2e027ec5138f998023cf9cb62c04889f","signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["290562315196422800326332542922668182923","83810015583027550648305514203288364177","82610912439521640914908861783932515867","77773222962267167965065354445802417210"],"threshold":0.9},"id":"CVE-2017-5506-df86a7b8","target":{"file":"MagickCore/profile.c"}}],"vanir_signatures_modified":"2026-04-11T04:14:35Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5506.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}