CVE-2017-14173

Name of the Vulnerable Software and Affected Versions ImageMagick versions 7.0.6 through 7.0.10

Description The issue is related to an integer overflow in the ReadTXTImage() function of the coders/txt.c component in ImageMagick. This overflow can occur when a large depth value is used in the GetQuantumRange(depth)+1 operation, resulting in a smaller value than expected. As a consequence, an infinite loop can be triggered by a crafted TXT file that claims a very large max value. This allows a remote attacker to cause a denial of service.

Recommendations For ImageMagick versions 7.0.6 through 7.0.10, consider disabling the ReadTXTImage() function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.