You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello all.
We found a denial of service (DoS) issue in Imagemagick-7.0.7-0 Q16 x86_64, which can cause huge CPU consumption.
Note that this issue is quite similar to issue #712 we have reported.
A crafted PSD image file, which claims large length but does not contain sufficient backing data, would cause a large loop at line 1707 since there is no EOF check inside.
PoC: https://github.com/shqking/imagemagick-poc/blob/master/x_psd_poc.psd
The command we was using is convert x_psd_poc.psd test.jpg
In our tests we used a machine with Intel(R) Xeon(R) CPU E5-2680 v3 @ 2.50GHz, 4 CPU cores and 16GB RAM.
This issue caused 100% CPU for more than 3 and a half minutes.
Note that this issue was found by Xiaohei and Wangchu from Alibaba Security Team.
Thanks.
The text was updated successfully, but these errors were encountered:
shqking
changed the title
denial of service (DoS) issue in ReadPSDLayersInternal():1707 in coders/psd.c
CVE-2017-14174: denial of service (DoS) issue in ReadPSDLayersInternal():1707 in coders/psd.c
Sep 7, 2017
Hello all.
We found a denial of service (DoS) issue in Imagemagick-7.0.7-0 Q16 x86_64, which can cause huge CPU consumption.
Note that this issue is quite similar to issue #712 we have reported.
The vulnerable code is shown as below.
A crafted PSD image file, which claims large length but does not contain sufficient backing data, would cause a large loop at line 1707 since there is no EOF check inside.
PoC: https://github.com/shqking/imagemagick-poc/blob/master/x_psd_poc.psd
The command we was using is
convert x_psd_poc.psd test.jpg
In our tests we used a machine with Intel(R) Xeon(R) CPU E5-2680 v3 @ 2.50GHz, 4 CPU cores and 16GB RAM.
This issue caused 100% CPU for more than 3 and a half minutes.
Note that this issue was found by Xiaohei and Wangchu from Alibaba Security Team.
Thanks.
The text was updated successfully, but these errors were encountered: