PT-2017-2810 · Imagemagick +2

Shqking +2 · Published 2017-08-31 · Updated 2020-10-15 · CVE-2017-14175

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

ImageMagick version 7.0.6-1 Q16

Description

The issue stems from a missing EOF (End of File) check in the ReadXBMImage() function, which can cause heavy CPU consumption. When a crafted XBM file declares large rows and columns fields in its header but does not carry enough backing pixel data, the function still loops over all the declared rows, consuming significant CPU resources and enabling a denial of service.

Recommendations

For ImageMagick version 7.0.6-1 Q16, consider disabling the ReadXBMImage() function until a patch is available, to prevent denial of service attacks. Restrict access to XBM files to minimize the risk of exploitation, and avoid passing untrusted input files to the ReadXBMImage() function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
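As an added illustration (not part of this advisory and not ImageMagick's own code), the following Python pre-filter applies the consistency check the description implies: it reads the width and height from the XBM header, computes how many bytes of packed pixel data those dimensions require, and rejects any file whose declared size is not backed by enough data, with an additional hard pixel cap. The sample inputs, the header regexes and the cap value are constructed assumptions for the example.

```python
import re

# Constructed sample inputs (not taken from the advisory): a well-formed 8x2
# XBM, and a crafted one whose header claims 1024x1024 but carries two bytes.
GOOD_XBM = b"""#define test_width 8
#define test_height 2
static unsigned char test_bits[] = {
   0xff, 0x00 };
"""

CRAFTED_XBM = b"""#define test_width 1024
#define test_height 1024
static unsigned char test_bits[] = {
   0xff, 0x00 };
"""

# Header lines look like "#define <name>_width <n>" / "#define <name>_height <n>".
_DIM_RE = re.compile(rb"#define\s+\S*?(width|height)\s+(\d+)")
# Pixel data is a comma-separated list of hex byte literals after the brace.
_BYTE_RE = re.compile(rb"0[xX][0-9a-fA-F]{1,2}")


def xbm_declared_dims(data):
    """Return (width, height) from the #define lines, or None if either is missing."""
    dims = {key: int(value) for key, value in _DIM_RE.findall(data)}
    if b"width" not in dims or b"height" not in dims:
        return None
    return dims[b"width"], dims[b"height"]


def xbm_expected_bytes(width, height):
    """XBM packs each row into ceil(width/8) bytes, so the file needs that many per row."""
    return ((width + 7) // 8) * height


def xbm_backing_bytes(data):
    """Count the hex byte literals actually present in the bits array."""
    start = data.find(b"{")
    if start < 0:
        return 0
    return len(_BYTE_RE.findall(data[start:]))


def xbm_is_consistent(data, max_pixels=1 << 26):
    """True only if the header is sane and its dimensions are fully backed by data."""
    dims = xbm_declared_dims(data)
    if dims is None:
        return False
    width, height = dims
    if width == 0 or height == 0 or width * height > max_pixels:
        return False  # assumed cap: refuse absurd sizes before any decoder sees them
    return xbm_backing_bytes(data) >= xbm_expected_bytes(width, height)
```

Run the check on untrusted XBM files before handing them to ImageMagick; a file that fails it is exactly the "large header, insufficient data" shape the description warns about.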

Exploit

DoS


Weakness Enumeration

Related Identifiers

BDU:2017-02082
CVE-2017-14175
DLA-1131-1
DLA-1785-1
DLA-2366-1
OPENSUSE-SU-2017_3420-1
SUSE-SU-2017:3378-1
SUSE-SU-2017:3388-1
USN-3681-1

Affected Products

Imagemagick
Suse
Ubuntu