CVE-2017-17681

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.7-12 Q16

Description The issue is related to an infinite loop in the ReadPSDChannelZip function in coders/psd.c, which can be exploited by attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. This allows a remote attacker to disrupt service using a specially crafted psd image.

Recommendations For ImageMagick version 7.0.7-12 Q16, as a temporary workaround, consider disabling the ReadPSDChannelZip function in coders/psd.c until a patch is available. Restrict access to handling psd image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.