CVE-2017-11754

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.6-4

Description The issue is related to the WritePICONImage function in coders/xpm.c, which can cause a denial of service due to a memory leak. This occurs when a crafted file is mishandled in an OpenPixelCache call, allowing remote attackers to exploit the vulnerability. The exploitation can lead to a memory leak, resulting in a denial of service.

Recommendations For ImageMagick version 7.0.6-4, consider disabling the WritePICONImage function as a temporary workaround until a patch is available. Restrict access to the OpenPixelCache call to minimize the risk of exploitation. Avoid using the coders/xpm.c module with untrusted files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.