CVE-2017-18211

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.7

Description A NULL pointer dereference issue was found in the saveBinaryCLProgram function in magick/opencl.c due to an unchecked program-lookup result, which is related to CacheOpenCLKernel. This issue allows a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For ImageMagick version 7.0.7, consider disabling the saveBinaryCLProgram function as a temporary workaround until a patch is available. Restrict access to the magick/opencl.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.