PT-2017-4111 · Imagemagick+3

Henices · Published 2017-12-22 · Updated 2020-09-08 · CVE-2017-18273

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
ImageMagick version 7.0.7-16

Description
The issue is related to an infinite loop in the ReadTXTImage function of the coders/txt.c component. This allows a remote attacker to cause a denial of service, specifically CPU exhaustion, by exploiting the vulnerability with a specially crafted image file.

Recommendations
For ImageMagick version 7.0.7-16, consider disabling the ReadTXTImage function in coders/txt.c as a temporary workaround until a patch is available. Restrict access to the coders/txt.c component to minimize the risk of exploitation. Avoid using the GetImageIndexInList call with untrusted image files until the issue is resolved.

Exploit

Fix

DoS

Infinite Loop

Weakness Enumeration

Related identifiers

BDU:2021-03354
CESA-2020_1180
CVE-2017-18273
DLA-1381-1
DLA-1785-1
DLA-2366-1
RHSA-2020:1180
RHSA-2020_1180
USN-3681-1

Affected products

CentOS
ImageMagick
Red Hat
Ubuntu