CVE-2017-11755

Name of the Vulnerable Software and Affected Versions ImageMagick versions 7.0.6-4

Description The issue is related to the WritePICONImage function in coders/xpm.c, which is caused by a buffer overflow in memory. This can be exploited by a remote attacker using a specially crafted file, leading to a denial of service (memory leak) due to incorrect handling in the AcquireSemaphoreInfo call.

Recommendations For ImageMagick version 7.0.6-4, consider disabling the WritePICONImage function as a temporary workaround until a patch is available. Restrict access to the coders/xpm.c module to minimize the risk of exploitation. Avoid using the AcquireSemaphoreInfo call with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.