CVE-2017-14172

MEDIUM

ImageMagick 7.0.7-0 - DoS

Title source: llm

Description

In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.

References (6)

[Third Party Advisory] https://usn.ubuntu.com/3681-1/

[Third Party Advisory] https://security.gentoo.org/glsa/201711-07

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/ImageMagick/ImageMagick/issues/715

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html

[Patch, Vendor Advisory] https://github.com/ImageMagick/ImageMagick/commit/bdbbb13f1fe9b7e2465502c500561720f7456aac

View Patch ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0058

EPSS Percentile 69.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-834

Status published

Products (7)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

debian/debian_linux 8.0

debian/debian_linux 9.0

imagemagick/imagemagick 7.0.7-0

Published Sep 07, 2017

Tracked Since Feb 18, 2026