PT-2017-2468 · Imagemagick+3

Jgj212 · Published 2017-07-10 · Updated 2020-04-08 · CVE-2017-11166

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.5-6
Description: The issue is a memory leak in the ReadXWDImage function that can lead to memory exhaustion. It is triggered by a crafted length field in the header of an XWD file, specifically the number of color-map entries. The vulnerability is classed as a resource management error and can be exploited remotely.
Recommendations: For ImageMagick version 7.0.5-6, consider disabling the ReadXWDImage function as a temporary workaround to prevent memory exhaustion until a patch is available. Restrict access to XWD files to minimize the risk of exploitation. Avoid using the ReadXWDImage function with untrusted XWD files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
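As an added example (not part of this advisory and not ImageMagick's own code), a Python pre-check a defender can run on untrusted XWD files before they reach the decoder: it parses the fixed header defined in X11's XWDFile.h and rejects files whose color-map entry count is implausible for the file's size. The MAX_NCOLORS cap and the make_xwd_header sample builder are assumptions made for illustration.

```python
import struct

# Layout of the XWD (X Window Dump) header from X11's XWDFile.h: 25 big-endian
# CARD32 fields (100 bytes), then the window name, then ncolors XWDColor
# entries of 12 bytes each, then the pixel data.
XWD_HEADER_FIELDS = (
    "header_size", "file_version", "pixmap_format", "pixmap_depth",
    "pixmap_width", "pixmap_height", "xoffset", "byte_order", "bitmap_unit",
    "bitmap_bit_order", "bitmap_pad", "bits_per_pixel", "bytes_per_line",
    "visual_class", "red_mask", "green_mask", "blue_mask", "bits_per_rgb",
    "colormap_entries", "ncolors", "window_width", "window_height",
    "window_x", "window_y", "window_bdrwidth",
)
XWD_HEADER_SIZE = 4 * len(XWD_HEADER_FIELDS)  # 100 bytes
XWD_COLOR_SIZE = 12                            # sizeof(XWDColor)
XWD_FILE_VERSION = 7
MAX_NCOLORS = 65536  # assumed site policy cap; real colour maps are far smaller

def parse_xwd_header(data):
    """Unpack the fixed 100-byte header into a field-name -> value dict."""
    if len(data) < XWD_HEADER_SIZE:
        raise ValueError("truncated XWD header")
    return dict(zip(XWD_HEADER_FIELDS, struct.unpack(">25I", data[:XWD_HEADER_SIZE])))

def xwd_colormap_is_plausible(data, max_ncolors=MAX_NCOLORS):
    """Return (ok, reason); ok is False when ncolors would make a decoder
    allocate a colour map the file cannot actually contain."""
    hdr = parse_xwd_header(data)
    if hdr["file_version"] != XWD_FILE_VERSION:
        return False, "unsupported file_version %d" % hdr["file_version"]
    if hdr["header_size"] < XWD_HEADER_SIZE:
        return False, "header_size %d smaller than fixed header" % hdr["header_size"]
    ncolors = hdr["ncolors"]
    if ncolors > max_ncolors:
        return False, "ncolors %d exceeds cap %d" % (ncolors, max_ncolors)
    # The colour map starts header_size bytes in (fixed header + window name);
    # the file must be big enough to hold every entry the header promises.
    needed = hdr["header_size"] + ncolors * XWD_COLOR_SIZE
    if needed > len(data):
        return False, "ncolors %d needs %d bytes, file has %d" % (ncolors, needed, len(data))
    return True, "ok"

def make_xwd_header(ncolors, window_name=b"test\0"):
    """Constructed sample input: a minimal XWD header claiming ncolors entries."""
    fields = [0] * len(XWD_HEADER_FIELDS)
    fields[0] = XWD_HEADER_SIZE + len(window_name)  # header_size
    fields[1] = XWD_FILE_VERSION
    fields[18] = fields[19] = ncolors               # colormap_entries, ncolors
    return struct.pack(">25I", *fields) + window_name
```

Where XWD input is not needed at all, disabling the XWD coder through the coder rights in ImageMagick's policy.xml is the simpler mitigation; this check is for deployments that must keep accepting XWD.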

Weakness Enumeration

Missing Release of Resource after Effective Lifetime

Related Identifiers

BDU:2017-01678
CESA-2020_1180
CVE-2017-11166
RHSA-2020:1180
SUSE-SU-2018:0486-1
SUSE-SU-2018:0581-1

Affected Products

CentOS
ImageMagick
Red Hat
SUSE