PT-2017-2810 · Imagemagick
Shqking
Published 2017-08-31 · Updated 2020-10-15
CVE-2017-14175
CVSS v2.0: 7.1 (High)
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
ImageMagick version 7.0.6-1 Q16
Description
The issue stems from a missing EOF (End of File) check in the ReadXBMImage() function, which can cause huge CPU consumption. It is triggered by a crafted XBM file whose header declares large rows and columns fields but whose body holds too little backing data: instead of stopping when the data runs out, the reader keeps iterating over every row the header promised, consuming significant CPU resources.
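The decoder below is an added example written for this page; it is not ImageMagick's ReadXBMImage() code nor its eventual fix. It is a minimal stand-alone XBM decoder that shows the check the description calls missing: the row loop pulls bit data through a reader that reports end of input, and a truncated file ends the loop with an error instead of iterating over every row the header declared. It additionally caps the declared geometry before allocating. All names (xbm_decode, XbmStream, the XbmStatus values) and the sample inputs are assumptions constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example: a minimal stand-alone XBM decoder that fails fast on
 * truncated bit data. Not ImageMagick code; all xbm_* names are assumptions. */

typedef enum { XBM_OK = 0, XBM_BAD_HEADER, XBM_TOO_LARGE, XBM_TRUNCATED } XbmStatus;

/* In-memory stream standing in for a file so the example runs offline. */
typedef struct { const char *data; size_t len; size_t pos; } XbmStream;

static int xbm_getc(XbmStream *s) {
    return s->pos < s->len ? (unsigned char)s->data[s->pos++] : EOF;
}

/* Parse the integer following "#define <name>_width" / "<name>_height".
 * Returns -1 if the define is missing or is not a positive number. */
static long xbm_define(const char *text, const char *suffix) {
    const char *p = strstr(text, suffix);
    char *end;
    long v;
    if (p == NULL) return -1;
    p += strlen(suffix);
    v = strtol(p, &end, 10);
    return (end == p || v <= 0) ? -1 : v;
}

/* Read the next "0x.." byte token. Returns -1 on EOF or a malformed token;
 * the caller treats that as a hard error rather than continuing the loop. */
static int xbm_next_byte(XbmStream *s) {
    int c, value = 0, digits = 0;
    for (;;) {                      /* advance to the next "0x" prefix */
        c = xbm_getc(s);
        if (c == EOF) return -1;
        if (c == '0') {
            c = xbm_getc(s);
            if (c == EOF) return -1;
            if (c == 'x' || c == 'X') break;
        }
    }
    while ((c = xbm_getc(s)) != EOF && isxdigit(c)) {
        value = value * 16 + (isdigit(c) ? c - '0' : tolower(c) - 'a' + 10);
        if (++digits > 2) return -1;
    }
    return digits > 0 ? value : -1;
}

/* Decode to one byte per pixel (0/1) in *out; the caller frees it. max_pixels
 * caps the geometry declared in the header before any allocation or row loop. */
XbmStatus xbm_decode(const char *text, size_t len, long max_pixels,
                     unsigned char **out, long *width, long *height) {
    long w = xbm_define(text, "_width");
    long h = xbm_define(text, "_height");
    const char *brace;
    unsigned char *pixels;
    long bytes_per_row, y, bx;
    XbmStream s;

    if (w < 0 || h < 0) return XBM_BAD_HEADER;
    if (w > max_pixels / h) return XBM_TOO_LARGE;   /* w*h would exceed the cap */
    brace = memchr(text, '{', len);
    if (brace == NULL) return XBM_BAD_HEADER;
    s.data = text; s.len = len; s.pos = (size_t)(brace - text) + 1;

    bytes_per_row = (w + 7) / 8;
    pixels = calloc((size_t)(w * h), 1);
    if (pixels == NULL) return XBM_TOO_LARGE;

    for (y = 0; y < h; y++) {
        for (bx = 0; bx < bytes_per_row; bx++) {
            int b = xbm_next_byte(&s), bit;
            if (b < 0) {            /* the EOF check: abort instead of spinning over the remaining rows */
                free(pixels);
                return XBM_TRUNCATED;
            }
            for (bit = 0; bit < 8; bit++) {
                long x = bx * 8 + bit;
                if (x < w) pixels[y * w + x] = (unsigned char)((b >> bit) & 1);
            }
        }
    }
    *out = pixels; *width = w; *height = h;
    return XBM_OK;
}

int main(void) {
    /* Constructed sample: the header declares 8x1000000 but only two bytes follow. */
    static const char truncated[] =
        "#define t_width 8\n#define t_height 1000000\n"
        "static unsigned char t_bits[] = {\n   0x01, 0x02\n";
    unsigned char *px = NULL; long w, h;
    XbmStatus st = xbm_decode(truncated, sizeof truncated - 1, 100000000L, &px, &w, &h);
    printf("status=%d (3 = XBM_TRUNCATED)\n", (int)st);
    return 0;
}
```

The two guards work together: the geometry cap bounds the work a well-formed header can request, and the per-byte EOF check bounds the work a short file can request regardless of what its header says. A decoder that has only the first guard still loops over every declared row when the data runs out, which is the behaviour the description above attributes to ReadXBMImage().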
Recommendations
For ImageMagick version 7.0.6-1 Q16, consider disabling the ReadXBMImage() function until a patch is available to prevent potential denial of service attacks. Restrict access to XBM files to minimize the risk of exploitation. Avoid using the ReadXBMImage() function with untrusted input files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Related identifiers
Affected products
Imagemagick
Suse
Ubuntu