CVE-2017-14175

medium

Description

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.

References

https://github.com/ImageMagick/ImageMagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c

https://github.com/ImageMagick/ImageMagick/issues/712

https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html

https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html

https://security.gentoo.org/glsa/201711-07

https://usn.ubuntu.com/3681-1/

Details

Source: MITRE

Published: 2017-09-07

Updated: 2020-10-15

Type: CWE-834

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM