CVE-2017-14994

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.26

Description The issue is related to the ReadDCMImage function in coders/dcm.c, which can cause a denial of service due to a NULL pointer dereference when processing a crafted DICOM image. This is connected to the DCM ReadNonNativeImages function's ability to return an image list with zero frames. The vulnerability can be exploited by remote attackers using a specially crafted DICOM file, leading to a service disruption.

Recommendations For GraphicsMagick version 1.3.26, consider disabling the ReadDCMImage function in coders/dcm.c as a temporary workaround to prevent exploitation until a patch is available. Restrict the processing of DICOM images to minimize the risk of service disruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.