CVE-2017-14400

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.7-1 Q16

Description The issue is related to the PersistPixelCache function in magick/cache.c, which mishandles the pixel cache nexus. This allows remote attackers to cause a denial of service via a crafted file, resulting in a NULL pointer dereference in the GetVirtualPixels function in MagickCore/cache.c.

Recommendations For ImageMagick version 7.0.7-1 Q16, consider disabling the PersistPixelCache function as a temporary workaround until a patch is available. Restrict access to potentially vulnerable functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.