CVE-2017-11523
Published: 22 July 2017
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
Priority
Low
CVSS 3 base score: 6.5
Status
| Package | Release | Status |
|---|---|---|
|
imagemagick Launchpad, Ubuntu, Debian |
Upstream |
Needed
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(8:6.9.7.4+dfsg-16ubuntu2)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
|
Patches: Upstream: https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78 |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | This is 0102-CVE-2017-11523-endless-loop-in-ReadTXTImage.patch in unstable This is 0087-CVE-2017-11523-endless-loop-in-ReadTXTImage.patch in stretch This is 0243-Fix-endless-loop-in-ReadTXTImage.patch in wheezy not fixing memory leak in trusty and xenial |