CVE-2017-17682

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.7-12 Q16

Description A large loop issue was found in the ExtractPostscript function in the coders/wpg.c component, allowing attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file. The vulnerability is related to an error in the resource control mechanism, which can be exploited by a remote attacker using a specially crafted wpg image to trigger a denial of service.

Recommendations For ImageMagick version 7.0.7-12 Q16, consider disabling the ExtractPostscript function in the coders/wpg.c component as a temporary workaround to minimize the risk of exploitation. Restrict access to the ReadWPGImage call to prevent CPU exhaustion attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.