CVE-2017-10799

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.25

Description The issue is related to the processing of DPX images with metadata indicating a large width in the coders/dpx.c file, which can cause a denial of service (OOM) in the ReadDPXImage() function. It is also associated with the MagickRealloc function in memory.c, leading to uncontrolled resource consumption. Exploitation of this issue may allow a remote attacker to cause a denial of service using a specially crafted .dpx file.

Recommendations For GraphicsMagick version 1.3.25, as a temporary workaround, consider restricting the use of the ReadDPXImage() function or limiting the processing of DPX images with large widths until a patch is available. Avoid using the MagickRealloc function in memory.c with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.