CVE-2017-14505

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.7-1

Description The issue is related to the DrawGetStrokeDashArray function in the wand/drawing-wand.c component of the ImageMagick console graphic editor. It is associated with a null pointer dereference. Exploitation of this issue allows a remote attacker to cause a denial of service by providing a specially crafted image file. This can lead to an application crash in AcquireQuantumMemory within MagickCore/memory.c.

Recommendations For ImageMagick version 7.0.7-1, consider disabling the DrawGetStrokeDashArray function as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the affected ImageMagick version to process untrusted image files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.