CVE-2017-18271

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:imagemagick:imagemagick:7.0.7-16:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:19

Type Values Removed Values Added
References () https://github.com/ImageMagick/ImageMagick/issues/911 - Third Party Advisory () https://github.com/ImageMagick/ImageMagick/issues/911 - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html - Third Party Advisory () https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html - () https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html -
References () https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html - () https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html -
References () https://usn.ubuntu.com/3681-1/ - Third Party Advisory () https://usn.ubuntu.com/3681-1/ - Third Party Advisory

Information

Published : 2018-05-18 19:29

Updated : 2024-11-21 03:19


NVD link : CVE-2017-18271

Mitre link : CVE-2017-18271

CVE.ORG link : CVE-2017-18271


JSON object : View

Products Affected

debian

  • debian_linux

imagemagick

  • imagemagick

canonical

  • ubuntu_linux
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')