PT-2017-2595 · Imagemagick+2

Jgj212 · Published 2017-06-29 · Updated 2020-09-08 · CVE-2017-12140

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

ImageMagick versions 7.0.6-1

Description

The issue is caused by an integer signedness error in the ReadDCMImage function, located in coders/dcm.c. A remote attacker can exploit this error with a specially crafted DCM file, leading to excessive memory consumption.

Recommendations

For ImageMagick version 7.0.6-1, consider disabling the ReadDCMImage function until a patch is available, to prevent excessive memory consumption via crafted DCM files. Restrict access to the coders/dcm.c module to minimize the risk of exploitation. Avoid using the ReadDCMImage function with untrusted DCM files until the issue is resolved.
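
One way to apply the recommendation above is through ImageMagick's security policy file. This is an added example, not part of the original advisory; the location of policy.xml varies by installation, and the resource limit values are illustrative assumptions.

```xml
<!-- policy.xml fragment (added example; limit values are assumptions to tune per workload) -->
<policymap>
  <!-- Deny all rights on the DCM (DICOM) coder so DCM input is rejected
       before it is handed to the decoder -->
  <policy domain="coder" rights="none" pattern="DCM" />

  <!-- Defence in depth: cap the resources a single conversion may claim,
       so oversized images fail with an error instead of exhausting the host -->
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="resource" name="map" value="512MiB" />
  <policy domain="resource" name="area" value="128MP" />
  <policy domain="resource" name="disk" value="1GiB" />
  <policy domain="resource" name="width" value="16KP" />
  <policy domain="resource" name="height" value="16KP" />
</policymap>
```

Running `magick identify -list policy` shows which policy file was loaded and the entries in effect, which confirms the DCM rule is active.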

Exploit

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

BDU:2017-01811
CVE-2017-12140
DLA-1081-1
DLA-1785-1
DLA-2366-1
OPENSUSE-SU-2017_3270-1
OPENSUSE-SU-2017_3420-1
SUSE-SU-2017:3378-1
SUSE-SU-2017:3388-1
SUSE-SU-2018:0197-1
USN-3681-1

Affected Products

Imagemagick
Suse
Ubuntu