CVE-2017-15281

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.7-6

Description The issue is related to the ReadPSDImage function in the coders/psd.c component of ImageMagick, which can cause a denial of service or possibly have other impacts via a crafted file. This is due to a conditional jump or move that depends on uninitialized value(s), potentially allowing a remote attacker to access confidential data, compromise its integrity, or cause a service disruption by exploiting the buffer data boundary.

Recommendations For ImageMagick version 7.0.7-6, consider disabling the ReadPSDImage function in the coders/psd.c component as a temporary workaround until a patch is available. Restrict access to the coders/psd.c component to minimize the risk of exploitation. Avoid using the ReadPSDImage function with untrusted files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.