CVE-2017-17681

Published: 14 December 2017

In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted PSD image file.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: imagemagick (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (8:6.9.9.34+dfsg-3)
Ubuntu 18.04 LTS (Bionic Beaver): Released (8:6.9.7.4+dfsg-16ubuntu6.2)
Ubuntu 16.04 ESM (Xenial Xerus): Released (8:6.8.9.9-7ubuntu5.11)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [code not present])

Patches:
Upstream: https://github.com/ImageMagick/ImageMagick/commit/edf1b9408492b97cd08111a0a9cb123f6391dc5b
Upstream: https://github.com/ImageMagick/ImageMagick/commit/8f5fc37f47fa9a6c4942686c2a3ffa77610842c6
Upstream: https://github.com/ImageMagick/ImageMagick/commit/a7024c8d54ca462418626c163c7f0e638d2ea72f
Upstream: https://github.com/ImageMagick/ImageMagick/commit/cae42160e5ab6de4b2a9433267e143ce295ae957