CVE-2017-11537

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.

Weakness

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Affected Software

Potential Mitigations

• Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
• Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
• Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
• Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/128.html
• https://cwe.mitre.org/data/definitions/129.html

References

• https://github.com/ImageMagick/ImageMagick/issues/560
• https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
• https://usn.ubuntu.com/3681-1/
• https://www.debian.org/security/2017/dsa-4019