Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-17681

Опубликовано: 14 дек. 2017
Источник: debian

Описание

In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
imagemagickfixed8:6.9.9.34+dfsg-3package
imagemagickignoredjessiepackage
imagemagicknot-affectedwheezypackage

Примечания

  • https://github.com/ImageMagick/ImageMagick/issues/869

  • https://github.com/ImageMagick/ImageMagick/commit/f6ca1441a5260165dabc627d26f60c32af1d5678

  • different fix: https://github.com/ImageMagick/ImageMagick/commit/73d59a74e0b0a864c1a9581b8a4bdbee427125e2

  • ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/edf1b9408492b97cd08111a0a9cb123f6391dc5b

  • different fix for IM-6: https://github.com/ImageMagick/ImageMagick/commit/cae42160e5ab6de4b2a9433267e143ce295ae957

  • The fix involves all done changes on the relevant part of coders/psd.c between

  • (and including) edf1b9408492b97cd08111a0a9cb123f6391dc5b and cae42160e5ab6de4b2a9433267e143ce295ae957 .

Связанные уязвимости

ubuntu логотип

CVE-2017-17681

CVSS3: 6.5
ubuntu
около 8 лет назад

In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.

redhat логотип

CVE-2017-17681

CVSS3: 3.3
redhat
около 8 лет назад

In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.

nvd логотип

CVE-2017-17681

CVSS3: 6.5
nvd
около 8 лет назад

In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.

github логотип

GHSA-pjw5-52cc-55wv

CVSS3: 6.5
github
больше 3 лет назад

In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.

fstec логотип

BDU:2021-03362

CVSS3: 6.5
fstec
около 8 лет назад

Уязвимость функции ReadPSDChannelZip компонента coders/psd.c консольного графического редактора ImageMagick, связанная с бесконечной работой цикла, позволяющая нарушителю вызвать отказ в обслуживании