Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/869

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-17681[0]:
| In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found
| in the function ReadPSDChannelZip in coders/psd.c, which allows
| attackers to cause a denial of service (CPU exhaustion) via a crafted
| psd image file.

The fix consists unfortunately of a series of commits. There was a first
attempt to fix the issue with edf1b9408492b97cd08111a0a9cb123f6391dc5b,
then various reverts up to cae42160e5ab6de4b2a9433267e143ce295ae957, so
the final fix might actually just consist of:

$ git diff cae42160e5ab6de4b2a9433267e143ce295ae957 ^edf1b9408492b97cd08111a0a9cb123f6391dc5b~1 -- coders/psd.c

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17681
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17681
[1] https://github.com/ImageMagick/ImageMagick/issues/869

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore