CVE-2017-14174

Priority
Description
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in
ReadPSDLayersInternal() due to lack of an EOF (End of File) check might
cause huge CPU consumption. When a crafted PSD file, which claims a large
"length" field in the header but does not contain sufficient backing data,
is provided, the loop over "length" would consume huge CPU resources, since
there is no EOF check inside the loop.
Notes
mdeslaur0313-CVE-2017-14174-Fix-DoS-missing-EOF-check-in-ReadPSDLayersInternal.patch in wheezy
Package
Upstream:released (8:6.9.9.34+dfsg-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [8:6.7.7.10-6ubuntu3.11])
Ubuntu 16.04 LTS (Xenial Xerus):released (8:6.8.9.9-7ubuntu5.11)
Ubuntu 18.04 LTS (Bionic Beaver):released (8:6.9.7.4+dfsg-16ubuntu6.2)
Patches:
Upstream:https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
More Information

Updated: 2020-03-18 22:48:40 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)