CVE-2017-11140

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.26

Description The issue is related to the handling of JPEG files, which can cause a denial of service due to resource consumption. This can be achieved by remote attackers using crafted JPEG files. The problem is associated with the ReadJPEGImage function in coders/jpeg.c, where a pixel cache is created before a successful read of a scanline. The exploitation of this issue may allow a remote attacker to cause a denial of service via specially crafted JPEG files.

Recommendations For GraphicsMagick version 1.3.26, consider disabling the ReadJPEGImage function as a temporary workaround until a patch is available. Restrict access to processing JPEG files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.