oss-sec mailing list archives
ImageMagick : CVE-2017-14741 : Infinite loop in ReadCAPTIONImage
From: "NOIRFATE" <noirfate () vip qq com>
Date: Tue, 26 Sep 2017 17:10:35 +0800
Description:The ReadCAPTIONImage function in coders/caption.c in ImageMagick allows attackers to cause a denial of service (infinite loop) via a crafted font file.Affected version:ImageMagick 7.0.7-3 (maybe previous versions are affected as well)Fixed version:ImageMagick 7.0.7-4Commit fix:https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596fDetails:https://github.com/ImageMagick/ImageMagick/issues/771Credit:This bug was discovered by Yihan Lian of GearTeam at Qihoo360 CVE:CVE-2017-14741
Current thread:
- ImageMagick : CVE-2017-14741 : Infinite loop in ReadCAPTIONImage NOIRFATE (Sep 26)