CVE-2017-14174
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
En coders/psd.c en ImageMagick 7.0.7-0 Q16, una denegación de servicio en ReadPSDLayersInternal() por una falta de chequeos EOF (End of File) podría provocar un enorme consumo de recursos de la CPU. Cuando se proporciona un archivo PSD manipulado que pide un campo "length" grande en la cabecera pero no contiene suficientes datos de respaldo, el bucle en "length" consumiría una gran cantidad de recursos de CPU, ya que el bucle no contiene ningún chequeo EOF.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-07 CVE Reserved
- 2017-09-07 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-834: Excessive Iteration
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://github.com/ImageMagick/ImageMagick/issues/714 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8 | 2020-10-23 |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/201711-07 | 2020-10-23 | |
https://usn.ubuntu.com/3681-1 | 2020-10-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Imagemagick Search vendor "Imagemagick" | Imagemagick Search vendor "Imagemagick" for product "Imagemagick" | 7.0.7-0 Search vendor "Imagemagick" for product "Imagemagick" and version "7.0.7-0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|