CVE-2017-17498

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.26

Description The issue allows remote attackers to cause a denial of service, potentially leading to an application crash, via a crafted file. This is due to a heap-based buffer overflow in the MagickBitStreamMSBWrite function within the bit stream.c file. The vulnerability is related to the WritePNMImage function in coders/pnm.c.

Recommendations For GraphicsMagick version 1.3.26, consider avoiding the use of the WritePNMImage function in coders/pnm.c until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.