CVE-2017-12674 in Ubuntu

CVE-2017-12674

Priority

Description

In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the
function ReadPDBImage in coders/pdb.c, which allows attackers to cause a
denial of service.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12674
https://usn.ubuntu.com/usn/usn-3681-1

Bugs

https://github.com/ImageMagick/ImageMagick/issues/604
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872609

Notes

mdeslaur

0286-CVE-2017-12674-Fix-CPU-exhaustion-in-ReadPDBImage.patch in wheezy

Package

Source: imagemagick (LP Ubuntu Debian)

Upstream:	released (8:6.9.9.34+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was released [8:6.7.7.10-6ubuntu3.11])
Ubuntu 16.04 LTS (Xenial Xerus):	released (8:6.8.9.9-7ubuntu5.11)
Ubuntu 18.04 LTS (Bionic Beaver):	released (8:6.9.7.4+dfsg-16ubuntu6.2)

Patches:

Upstream:

https://github.com/ImageMagick/ImageMagick/commit/5a91708c6b70bd4e3d2b931465307e0aeababb3c

More Information

Updated: 2020-03-18 22:48:22 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)