CVE-2017-11505 - Excessive Iteration

Severity

71%

Complexity

86%

Confidentiality

115%

The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.

The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.

CVSS 3.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).

Overview

First reported 7 years ago

2017-07-21 16:29:00

Last updated 5 years ago

2019-10-03 00:03:00

Affected Software

ImageMagick

ImageMagick 7.0.0-0

7.0.0-0

ImageMagick 7.0.1-0

7.0.1-0

ImageMagick 7.0.1-1

7.0.1-1

ImageMagick 7.0.1-2

7.0.1-2

ImageMagick 7.0.1-3

7.0.1-3

ImageMagick 7.0.1-4

7.0.1-4

ImageMagick 7.0.1-5

7.0.1-5

ImageMagick 7.0.1-6

7.0.1-6

ImageMagick 7.0.1-7

7.0.1-7

ImageMagick 7.0.1-8

7.0.1-8

ImageMagick 7.0.1-9

7.0.1-9

ImageMagick 7.0.1-10

7.0.1-10

ImageMagick 7.0.2-0

7.0.2-0

ImageMagick 7.0.2-1

7.0.2-1

ImageMagick 7.0.2-2

7.0.2-2

ImageMagick 7.0.2-3

7.0.2-3

ImageMagick 7.0.2-4

7.0.2-4

ImageMagick 7.0.2-5

7.0.2-5

ImageMagick 7.0.2-6

7.0.2-6

ImageMagick 7.0.2-7

7.0.2-7

ImageMagick 7.0.2-8

7.0.2-8

ImageMagick 7.0.2-9

7.0.2-9

ImageMagick 7.0.2-10

7.0.2-10

ImageMagick 7.0.3-0

7.0.3-0

ImageMagick 7.0.3-1

7.0.3-1

ImageMagick 7.0.3-2

7.0.3-2

ImageMagick 7.0.3-3

7.0.3-3

ImageMagick 7.0.3-4

7.0.3-4

ImageMagick 7.0.3-5

7.0.3-5

ImageMagick 7.0.3-6

7.0.3-6

ImageMagick 7.0.3-7

7.0.3-7

ImageMagick 7.0.3-8

7.0.3-8

ImageMagick 7.0.3-9

7.0.3-9

ImageMagick 7.0.3-10

7.0.3-10

ImageMagick 7.0.4-0

7.0.4-0

ImageMagick 7.0.4-1

7.0.4-1

ImageMagick 7.0.4-2

7.0.4-2

ImageMagick 7.0.4-3

7.0.4-3

ImageMagick 7.0.4-4

7.0.4-4

ImageMagick 7.0.4-5

7.0.4-5

ImageMagick 7.0.4-6

7.0.4-6

ImageMagick 7.0.4-7

7.0.4-7

ImageMagick 7.0.4-8

7.0.4-8

ImageMagick 7.0.4-9

7.0.4-9

ImageMagick 7.0.4-10

7.0.4-10

ImageMagick 7.0.5-0

7.0.5-0

ImageMagick 7.0.5-1

7.0.5-1

ImageMagick 7.0.5-2

7.0.5-2

ImageMagick 7.0.5-3

7.0.5-3

ImageMagick 7.0.5-4

7.0.5-4

ImageMagick 7.0.5-5

7.0.5-5

ImageMagick 7.0.5-6

7.0.5-6

ImageMagick 7.0.5-7

7.0.5-7

ImageMagick 7.0.5-8

7.0.5-8

ImageMagick 7.0.5-9

7.0.5-9

ImageMagick 7.0.5-10

7.0.5-10

ImageMagick 7.0.6-0

7.0.6-0

ImageMagick 7.0.6-1

7.0.6-1

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867824

Third Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/526

Exploit, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.