ImageMagick CVE-2017-7943 Denial of Service Vulnerability

ImageMagick is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to consume memory resources and cause a denial-of-service condition.

ImageMagick 7.0.5-4 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97956
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-7943

Remote: Yes
Local: No
Published: Apr 21 2017 12:00AM
Updated: Apr 21 2017 03:07PM
Credit: bestshow
Vulnerable: ImageMagick ImageMagick 7.0.5-4
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 7.0

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• ImageMagick Homepage (ImageMagick)
  
• Fixed leak reported in: #427. (Github)
  
• Fixed leak reported in: #427. (Github)
  
• memory leak in svg #427 (Github)
  
• p0cs/memory-leak-in-svg.svg (Github)
  

Source: www.securityfocus.com