CVE-2017-11188

HIGH

ImageMagick 7.0.6-0 - DoS

Title source: llm

Description

The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99566

[Issue Tracking, Patch, Third Party Advisory] https://github.com/ImageMagick/ImageMagick/issues/509

Scores

CVSS v3 7.5

EPSS 0.0012

EPSS Percentile 30.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-834

Status published

Products (1)

imagemagick/imagemagick 7.0.6-0

Published Jul 12, 2017

Tracked Since Feb 18, 2026