Is this exploit related to CVE-2017-9098?
r-31415 opened this issue · 4 comments
I understand that this exploit targets CVE-2017-15277 (see vul=77607). However, Chris Evans also identified a similar issue: CVE-2017-9098 (see vul=72145). Given that this repo provides a PoC for the most recent vulnerability, I was wondering whether this exploit supersedes CVE-2017-9098 in some way.
An alternative is the following: CVE-2017-15277 is more dangerous than CVE-2017-15277, so maybe the reasoning is that a server vulnerable to CVE-2017-15277 can be exploited in both ways, but a single exploit is good enough.
Are any of the previous assumptions correct?
Hello,
This exploit is not related to CVE-2017-9098 in any way except that they have the same impact --- uninitialized memory leakage. The issues happen in different parts of IM/GM (CVE-2017-9098 targets the RLE decoder and CVE-2017-15277 targets the GIF decoder), so neither of them supersedes the other one.
Hi @neex
Thank you for your quick response. Would it be possible to have an ImageMagick installation vulnerable to CVE-2017-9098 but not to CVE-2017-15277? That is what I meant by "supersedes", by the way.
Well, considering the fact that the fix for CVE-2017-9098 was released 4 months before the fix for CVE-2017-15277, I don't think there is any distribution or release that includes the second, but does not include the first one.
So you're correct, CVE-2017-15277 supersedes CVE-2017-9098 in this way. But there might be setups where the exploit for CVE-2017-15277 is not applicable for external reasons, for example GIFs are not accepted for upload and PNGs (i.e. the exploit for CVE-2017-9098) are allowed.
Interesting. Yes, you're right. Well, that answers my question. Thank you!