Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-14175

Date: September 7, 2017

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.

Language: C

Severity Score

Related Resources (11)

https://nvd.nist.gov/vuln/detail/CVE-2017-14175
https://access.redhat.com/security/cve/CVE-2017-14175
https://github.com/ImageMagick/ImageMagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c
https://usn.ubuntu.com/3681-1/
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
https://security.gentoo.org/glsa/201711-07
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
https://github.com/ImageMagick/ImageMagick/issues/712
https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14175
https://security-tracker.debian.org/tracker/CVE-2017-14175
https://www.mend.io/vulnerability-database/CVE-2017-14175

Severity Score

Weakness Type (CWE)

Resource Management Errors

CWE-399

Excessive Iteration

CWE-834

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us