CVE-2017-14249

Name of the Vulnerable Software and Affected Versions ImageMagick versions 7.0.6-8 Q16

Description The issue is related to a division by zero error in the ReadMPCImage function of the coders/mpc.c component in the ImageMagick console graphic editor. This error can be exploited by a remote attacker to cause a denial of service using a specially crafted file. The problem arises from incorrect handling of EOF checks in the ReadMPCImage function, leading to a division by zero in the GetPixelCacheTileSize function in MagickCore/cache.c.

Recommendations For ImageMagick versions 7.0.6-8 Q16, consider disabling the ReadMPCImage function in coders/mpc.c as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the GetPixelCacheTileSize function in MagickCore/cache.c to minimize the risk of a denial of service attack. Avoid using crafted files that could trigger the division by zero error in the affected functions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.