CVE-2017-14174

In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
imagemagickimagemagick
7.0.7-0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bullseye
8:6.9.11.60+dfsg-1.3+deb11u4
fixed
bullseye (security)
8:6.9.11.60+dfsg-1.3+deb11u3
fixed
bookworm
8:6.9.11.60+dfsg-1.6+deb12u2
fixed
bookworm (security)
8:6.9.11.60+dfsg-1.6+deb12u1
fixed
trixie
8:6.9.13.12+dfsg1-1
fixed
sid
8:7.1.1.39+dfsg1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
imagemagick
bionic
Fixed 8:6.9.7.4+dfsg-16ubuntu6.2
released
artful
Fixed 8:6.9.7.4+dfsg-16ubuntu2.2
released
zesty
ignored
xenial
Fixed 8:6.8.9.9-7ubuntu5.11
released
trusty
Fixed 8:6.7.7.10-6ubuntu3.11
released
Common Weakness Enumeration
References
https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
https://github.com/ImageMagick/ImageMagick/issues/714
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
https://security.gentoo.org/glsa/201711-07
https://usn.ubuntu.com/3681-1/
https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
https://github.com/ImageMagick/ImageMagick/issues/714
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
https://security.gentoo.org/glsa/201711-07
https://usn.ubuntu.com/3681-1/