CVE-2017-14175

Sažetak

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.

Reference

https://github.com/ImageMagick/ImageMagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c
https://github.com/ImageMagick/ImageMagick/issues/712
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
https://security.gentoo.org/glsa/201711-07
https://usn.ubuntu.com/3681-1/

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

15-10-2020 - 16:07

Objavljeno

07-09-2017 - 06:29