CVE-2017-14174

Name of the Vulnerable Software and Affected Versions ImageMagick versions 7.0.7-0 Q16

Description The issue is related to errors in resource management in the ReadPSDLayersInternal function of the ImageMagick console graphic editor. Exploitation of this issue may allow a remote attacker to cause significant CPU consumption and denial of service using a specially crafted PSD file. This file requires a large length field in the header but does not contain sufficient backing data, leading to a loop that consumes significant CPU resources due to the lack of an End of File (EOF) check.

Recommendations For ImageMagick version 7.0.7-0 Q16, consider disabling the ReadPSDLayersInternal function as a temporary workaround until a patch is available. Restrict access to PSD files that may trigger this issue to minimize the risk of exploitation. Avoid using PSD files with large length fields in the header that do not contain sufficient backing data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.