VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 3, 2018· Updated Aug 5, 2024

CVE-2017-1000476

CVE-2017-1000476

Description

ImageMagick 7.0.7-12 Q16 has a CPU exhaustion vulnerability in ReadDDSInfo (coders/dds.c) via a crafted DDS file, leading to denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ImageMagick 7.0.7-12 Q16 has a CPU exhaustion vulnerability in ReadDDSInfo (coders/dds.c) via a crafted DDS file, leading to denial of service.

Vulnerability

ImageMagick 7.0.7-12 Q16 contains a CPU exhaustion vulnerability in the ReadDDSInfo function within coders/dds.c. The issue manifests when processing a specially crafted DDS image file, causing the SeekBlob function to enter an infinite loop or consume excessive CPU resources. The affected version is ImageMagick 7.0.7-12 Q16; earlier versions may also be vulnerable as indicated by the upstream issue tracker [1][2].

Exploitation

An attacker can trigger this denial-of-service condition by providing a malformed DDS image file to an application or service using ImageMagick (e.g., convert command). No special privileges are required beyond the ability to supply the crafted file. User interaction is required (e.g., opening the file), making this a user-assisted exploitation scenario [1][2].

Impact

Successful exploitation results in a denial of service due to 100% CPU consumption, rendering the affected ImageMagick process unresponsive. There is no indication of information disclosure, file corruption, or remote code execution from this specific vulnerability; the impact is strictly availability [2].

Mitigation

The vulnerability is fixed in ImageMagick versions released after 7.0.7-12. For Ubuntu systems, a security update was published in USN-3681-1 (Ubuntu 18.04 LTS and other releases) that addresses this issue along with other vulnerabilities [1]. Users should update to the latest patched version of ImageMagick. If an immediate update is not possible, avoid processing untrusted DDS files as a workaround.

References
  1. USN-3681-1: ImageMagick vulnerabilities | Ubuntu security notices | Ubuntu
  2. CPU exhaustion in SeekBlob

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

15

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"A large mipmap count in a DDS image causes an integer overflow when calculating the offset for SeekBlob, leading to excessive CPU consumption."

Attack vector

An attacker can trigger this vulnerability by providing a specially crafted DDS image file to the ImageMagick `convert` utility. The `ReadDDSInfo` function in `coders/dds.c` processes this image, and if the `mipmapcount` field is excessively large, it leads to a CPU exhaustion condition. This can be achieved by running the `convert` command with the malicious DDS file as input, for example, `convert SeekBlob-cpu-exhaustion /dev/null` [ref_id=1].

Affected code

The vulnerability resides in the `ReadDDSInfo` function within the `coders/dds.c` file. Specifically, the loop in `SkipDXTMipmaps` iterates based on `dds_info->mipmapcount`, and the calculation of `offset` using `(w+3)/4*((h+3)/4)*texel_size` can lead to an overflow when `mipmapcount` is excessively large. This large offset is then passed to `SeekBlob` in `MagickCore/blob.c` [ref_id=1].

What the fix does

The patch addresses the CPU exhaustion vulnerability by adding a check to ensure that the calculated offset in `SeekBlob` does not result in an excessively large value before performing the seek operation. This prevents the infinite loop or excessive seeking that was previously triggered by a large `mipmapcount` in DDS images, thereby mitigating the denial of service condition [ref_id=1].

Preconditions

  • inputThe user must provide a specially crafted DDS image file with an excessively large mipmap count.
  • configThe ImageMagick `convert` utility must be available and used to process the DDS file.

Reproduction

https://github.com/henices/pocs/raw/master/SeekBlob--cpu-exhaustion

Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6

News mentions

0

No linked articles in our index yet.