PT-2017-2566 · Imagemagick+2 · Imagemagick+2

Jgj212

Published

2017-07-18

Updated

2019-10-03

CVE-2017-11505

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick versions 6.9.9-0 through 7.0.6-1 ImageMagick version 7.x

Description The issue is related to the ReadOneJNGImage function in ImageMagick, which can be exploited by remote attackers to cause a denial of service. This is achieved through a malformed JNG file, leading to large loop and CPU consumption. The vulnerability is associated with resource management errors.

Recommendations For ImageMagick versions 6.9.9-0 through 7.0.6-1, consider disabling the ReadOneJNGImage function until a patch is available. For ImageMagick version 7.x, restrict the use of the ReadOneJNGImage function to minimize the risk of exploitation. Avoid using malformed JNG files in the affected ImageMagick versions until the issue is resolved.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-834

Related Identifiers

ALT-PU-2017-2096

BDU:2017-01778

CVE-2017-11505

DLA-1081-1

DSA-3914-1

SUSE-SU-2018:0349-1

SUSE-SU-2018:0350-1

SUSE-SU-2018:0413-1

Affected Products

Alt Linux

Imagemagick

Suse

PT-2017-2566 · Imagemagick+2 · Imagemagick+2

CVE-2017-11505

Weakness Enumeration

Related Identifiers

Affected Products

References · 177