PT-2017-4111 · Imagemagick+3
Henices · Published 2017-12-22 · Updated 2020-09-08 · CVE-2017-18273
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
ImageMagick version 7.0.7-16
Description
The ReadTXTImage function in coders/txt.c contains an infinite loop. A remote attacker can use a specially crafted image file to trigger it and cause a denial of service through CPU exhaustion.
Recommendations
For ImageMagick version 7.0.7-16, consider disabling the ReadTXTImage function in coders/txt.c as a temporary workaround until a patch is available. Restrict access to the coders/txt.c component to minimize the risk of exploitation. Avoid using the GetImageIndexInList call with untrusted image files until the issue is resolved.
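One way to verify the workaround above on a host, as an added example that is not part of the original advisory: ReadTXTImage is the reader for the TXT coder, and a `coder` rule in ImageMagick's policy.xml can deny that coder. The script audits a policy for this; the sample policies are constructed, the function names are hypothetical, and it assumes case-sensitive pattern matching and that the last matching rule wins.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from the advisory).
WEAK_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG}"/>
</policymap>"""

HARDENED_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="*"/>
  <policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG}"/>
</policymap>"""

# A later, broader rule silently re-enables the coder.
REOPENED_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="TXT"/>
  <policy domain="coder" rights="read" pattern="T*"/>
</policymap>"""


def expand_braces(pattern):
    """Expand {A,B} alternation into a list of plain glob patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(pattern[:m.start()] + alt.strip() + pattern[m.end():]))
    return out


def coder_read_allowed(policy_xml, coder="TXT"):
    """Return True if the policy still lets ImageMagick decode `coder`."""
    allowed = True  # assumption: no matching coder rule means the coder is allowed
    for rule in ET.fromstring(policy_xml).iter("policy"):
        if rule.get("domain", "").lower() != "coder":
            continue
        globs = expand_braces(rule.get("pattern", ""))
        if not any(fnmatch.fnmatchcase(coder, g) for g in globs):
            continue
        rights = {r.strip().lower() for r in rule.get("rights", "").split("|")}
        allowed = bool(rights & {"read", "all"})  # assumption: last match wins
    return allowed


if __name__ == "__main__":
    for name in ("WEAK_POLICY", "HARDENED_POLICY", "REOPENED_POLICY"):
        print(name, "TXT readable:", coder_read_allowed(globals()[name]))
```

Run it against the policy.xml that the deployed ImageMagick actually loads, since a build can read policy files from more than one location.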
Exploit
Fix
DoS
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Imagemagick
Red Hat
Ubuntu