CVE-2017-14172

Priority
Description
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to
lack of an EOF (End of File) check might cause huge CPU consumption. When a
crafted PSD file, which claims a large "extent" field in the header but
does not contain sufficient backing data, is provided, the loop over
"length" would consume huge CPU resources, since there is no EOF check
inside the loop.
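
The failure mode described above, as an added C example (not ImageMagick's code and not the upstream patch): a loop bounded by a header-declared extent, first without and then with an EOF check. The `Blob` and `Result` types, the function names, the sample bytes and the declared extent are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed in-memory stream; a stand-in for the decoder's input, not ImageMagick's API. */
typedef struct { const unsigned char *data; size_t size, pos; } Blob;
typedef struct { size_t iterations; int truncated; } Result;

/* Constructed sample: only 8 bytes of backing data exist. */
static const unsigned char SAMPLE[8] = { 'c','o','n','s','t','r','u','c' };

static int read_byte(Blob *b)
{
    return b->pos < b->size ? b->data[b->pos++] : EOF;
}

/* Pattern described in the advisory: the loop bound is the declared extent
   and the EOF return value is ignored, so work scales with the header. */
static Result read_unchecked(size_t declared_extent)
{
    Blob b = { SAMPLE, sizeof SAMPLE, 0 };
    Result r = { 0, 0 };
    for (size_t i = 0; i < declared_extent; i++) {
        (void) read_byte(&b);
        r.iterations++;
    }
    return r;
}

/* Hardened form: stop at EOF and report the input as truncated. */
static Result read_checked(size_t declared_extent)
{
    Blob b = { SAMPLE, sizeof SAMPLE, 0 };
    Result r = { 0, 0 };
    for (size_t i = 0; i < declared_extent; i++) {
        if (read_byte(&b) == EOF) { r.truncated = 1; break; }
        r.iterations++;
    }
    return r;
}

int main(void)
{
    size_t declared = 100000000;  /* constructed header value */
    printf("unchecked: %zu iterations\n", read_unchecked(declared).iterations);
    Result r = read_checked(declared);
    printf("checked:   %zu iterations, truncated=%d\n", r.iterations, r.truncated);
    return 0;
}
```

With the check in place the work is bounded by the bytes actually present, and the caller can reject the file as truncated.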
Notes
mdeslaur: 0311-CVE-2017-14172-Fix-DoS-missing-EOF-check-in-ReadPSImage.patch in wheezy
Package
Upstream: released (8:6.9.9.34+dfsg-3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [8:6.7.7.10-6ubuntu3.11])
Ubuntu 16.04 LTS (Xenial Xerus): released (8:6.8.9.9-7ubuntu5.11)
Ubuntu 18.04 LTS (Bionic Beaver): released (8:6.9.7.4+dfsg-16ubuntu6.2)
Patches:
Upstream: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c

Updated: 2020-03-18 22:48:40 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)