CVE-2017-14175

2017-09-0700:00:00

ubuntu.com

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.005

Percentile

76.4%

JSON

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to
lack of an EOF (End of File) check might cause huge CPU consumption. When a
crafted XBM file, which claims large rows and columns fields in the header
but does not contain sufficient backing data, is provided, the loop over
the rows would consume huge CPU resources, since there is no EOF check
inside the loop.

Bugs

Notes

Author	Note
mdeslaur	0314-CVE-2017-14175-Fix-DoS-missing-EOF-check-in-ReadXBMImage-1-of-2.patch and 0315-CVE-2017-14175-Fix-DoS-missing-EOF-check-in-ReadXBMImage-2-of-2.patch in wheezy

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchimagemagick< 8:6.9.7.4+dfsg-16ubuntu2.2UNKNOWN
ubuntu18.04noarchimagemagick< 8:6.9.7.4+dfsg-16ubuntu6.2UNKNOWN
ubuntu14.04noarchimagemagick< 8:6.7.7.10-6ubuntu3.11UNKNOWN
ubuntu16.04noarchimagemagick< 8:6.8.9.9-7ubuntu5.11UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	17.10	noarch	imagemagick	< 8:6.9.7.4+dfsg-16ubuntu2.2	UNKNOWN
ubuntu	18.04	noarch	imagemagick	< 8:6.9.7.4+dfsg-16ubuntu6.2	UNKNOWN
ubuntu	14.04	noarch	imagemagick	< 8:6.7.7.10-6ubuntu3.11	UNKNOWN
ubuntu	16.04	noarch	imagemagick	< 8:6.8.9.9-7ubuntu5.11	UNKNOWN