CVE-2017-14175
First published: Thu Sep 07 2017(Updated: )
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ImageMagick ImageMagick | =7.0.6-1 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| Canonical Ubuntu Linux | =18.04 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/ImageMagick/ImageMagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c
- https://github.com/ImageMagick/ImageMagick/issues/712
- https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
- https://security.gentoo.org/glsa/201711-07
- https://usn.ubuntu.com/3681-1/
- https://launchpad.net/bugs/cve/CVE-2017-14175
- https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
- https://security-tracker.debian.org/tracker/CVE-2017-14175
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14175
- https://nvd.nist.gov/vuln/detail/CVE-2017-14175
- https://ubuntu.com/security/CVE-2017-14175
Frequently Asked Questions
What is CVE-2017-14175?
CVE-2017-14175 is a vulnerability in ImageMagick 7.0.6-1 Q16 that can cause a Denial of Service (DoS) due to lack of an EOF (End of File) check, leading to high CPU consumption.
How does CVE-2017-14175 affect ImageMagick?
CVE-2017-14175 affects ImageMagick versions 7.0.6-1 Q16 and earlier.
What is the severity of CVE-2017-14175?
CVE-2017-14175 has a severity rating of 6.5 (High).
How can I fix CVE-2017-14175?
To fix CVE-2017-14175, upgrade ImageMagick to version 8:6.7.7.10-6ubuntu3.11, 8:6.9.9.34+dfsg-3, 8:6.8.9.9-7ubuntu5.11, 8:6.9.7.4+dfsg-16ubuntu2.2, 8:6.9.7.4+dfsg-16ubuntu6.2, 7.0.6-1, 8:6.9.10.23+dfsg-2.1+deb10u1, 8:6.9.10.23+dfsg-2.1+deb10u5, 8:6.9.11.60+dfsg-1.3+deb11u1, 8:6.9.11.60+dfsg-1.6, 8:6.9.12.98+dfsg1-2, depending on your system.
Where can I find more information about CVE-2017-14175?
You can find more information about CVE-2017-14175 at the following references: [link1](https://github.com/ImageMagick/ImageMagick/issues/712), [link2](https://security.gentoo.org/glsa/201711-07), [link3](https://usn.ubuntu.com/3681-1/).
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/imagemagick
- canonical/imagemagick imagemagick
- version/imagemagick imagemagick/7.0.6-1
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- version/canonical ubuntu linux/18.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- package-manager/debian