In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
References
Link | Resource |
---|---|
https://github.com/ImageMagick/ImageMagick/commit/bdbbb13f1fe9b7e2465502c500561720f7456aac | Patch Vendor Advisory |
https://github.com/ImageMagick/ImageMagick/issues/715 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html | Third Party Advisory |
https://security.gentoo.org/glsa/201711-07 | Third Party Advisory |
https://usn.ubuntu.com/3681-1/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-09-07T06:00:00
Updated: 2020-10-07T20:45:42
Reserved: 2017-09-07T00:00:00
Link: CVE-2017-14172
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-09-07T06:29:00.327
Modified: 2020-10-15T16:02:13.533
Link: CVE-2017-14172
JSON object: View
Redhat Information
No data.
CWE