CVE-2017-14172

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.7-0 Q16

Description The issue is related to a lack of an EOF (End of File) check in the ReadPSImage() function, which can cause huge CPU consumption. This occurs when a crafted PSD file with a large "extent" field in the header but insufficient backing data is provided, leading to a loop that consumes significant CPU resources. The vulnerability can be exploited by a remote attacker to cause a denial of service by consuming computational resources.

Recommendations For ImageMagick version 7.0.7-0 Q16, consider disabling the ReadPSImage() function as a temporary workaround until a patch is available to prevent the exploitation of this issue. Restrict access to PSD files to minimize the risk of exploitation. Avoid using the length variable in the affected loop until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.