The ReadPESImage function in coderspes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Imagemagick | Imagemagick | 7.0.6-1 (including) | 7.0.6-1 (including) |
| Imagemagick | Ubuntu | esm-infra-legacy/trusty | * |
| Imagemagick | Ubuntu | esm-infra/xenial | * |
| Imagemagick | Ubuntu | trusty | * |
| Imagemagick | Ubuntu | trusty/esm | * |
| Imagemagick | Ubuntu | xenial | * |
| Imagemagick | Ubuntu | yakkety | * |
| Imagemagick | Ubuntu | zesty | * |
References
- http://www.securityfocus.com/bid/99964
- https://github.com/ImageMagick/ImageMagick/issues/537
- https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
- https://www.debian.org/security/2017/dsa-4019
- http://www.securityfocus.com/bid/99964
- https://github.com/ImageMagick/ImageMagick/issues/537
- https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
- https://www.debian.org/security/2017/dsa-4019