CPU exhaustion in ReadPSDChannelZip #869
urban-warrior pushed a commit that referenced this issue Nov 20, 2017
urban-warrior pushed a commit that referenced this issue Nov 20, 2017
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.
This was assigned CVE-2017-17681.
Hello all.
We found a denial of service (DoS) issue in ImageMagick 7.0.7-12 Q16 x86_64, which can cause huge CPU consumption (CPU 100%).
The policy.xml is as follows
convert ReadPSDChannelZip2-cpu-exhaustion /dev/null
gdb backtrace
When debugging, we found an infinite loop in the following code (coders/psd.c). stream.avail_out is always 352
testcase:
https://github.com/henices/pocs/raw/master/ReadPSDChannelZip2-cpu-exhaustion
Credit: NSFocus Security Team <security (at) nsfocus (dot) com>
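The failure mode reported above, a decompression loop that waits for an output buffer to fill while stream.avail_out never changes, can be ruled out by requiring progress on every pass. The following is an added example, not ImageMagick's code and not the coders/psd.c loop from the report; it uses Python's zlib module, and the names inflate_exact and StalledStream and the sample data are assumptions constructed for illustration.

```python
import zlib


class StalledStream(ValueError):
    """The decoder can no longer make progress toward the expected size."""


def inflate_exact(compressed: bytes, expected_len: int, chunk: int = 64) -> bytes:
    """Inflate `compressed` into exactly `expected_len` bytes or raise."""
    decoder = zlib.decompressobj()
    out = bytearray()
    pending = compressed
    # Same shape as a loop that waits for a fixed-size output buffer to fill.
    while len(out) < expected_len:
        want = min(chunk, expected_len - len(out))  # always >= 1 here
        try:
            piece = decoder.decompress(pending, want)
        except zlib.error as exc:
            raise ValueError(f"corrupt zlib data: {exc}") from exc
        pending = decoder.unconsumed_tail
        out += piece
        if decoder.eof and len(out) < expected_len:
            # Stream ended early: further calls would never add output.
            raise StalledStream(f"stream ended at {len(out)} of {expected_len} bytes")
        if not piece and not pending:
            # Input is used up and nothing was produced on this pass.
            raise StalledStream(f"input exhausted at {len(out)} of {expected_len} bytes")
    return bytes(out)


if __name__ == "__main__":
    sample = bytes(range(256)) * 4  # constructed sample data
    packed = zlib.compress(sample)
    print(len(inflate_exact(packed, len(sample))))
    for blob, size in ((packed, len(sample) + 352), (packed[: len(packed) // 2], len(sample))):
        try:
            inflate_exact(blob, size)
        except StalledStream as err:
            print("rejected:", err)
```

Both rejected inputs would keep a loop that only tests the remaining output space running indefinitely: the first declares more output than the stream contains, the second is truncated.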