CVE-2017-13133

2017-08-23T00:00:00
ID UB:CVE-2017-13133
Type ubuntucve
Reporter ubuntu.com
Modified 2017-08-23T00:00:00

Description

In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.

Bugs

  • <https://github.com/ImageMagick/ImageMagick/issues/679>
  • <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873100>

Notes

Author | Note
---|---
mdeslaur | 0291-CVE-2017-13133-Fix-offset-validation-vulnerability-in-load_level-in-xcf.c.patch in wheezy. The commit for this issue causes a regression in xcf image loading. See <https://github.com/ImageMagick/ImageMagick/issues/697>. The whole fix was reverted in: <https://github.com/ImageMagick/ImageMagick/commit/a079c4a36f3a29912bd6ee4ea997622fabbcc189>. There is no further fix for this issue. Marking as ignored.