CVE-2017-11449
Description
ImageMagick before 7.0.6-1 fails to enable seekable streams in MPC coders, allowing denial of service via crafted image from stdin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In ImageMagick before version 7.0.6-1, the coders/mpc.c file does not enable seekable streams for the MPC and CACHE coders. This prevents proper validation of blob sizes, making the coders vulnerable to processing malformed images from unseekable sources such as stdin [1]. The issue affects all versions prior to the fix.
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted image via stdin. No authentication or special network position is required; the attacker simply needs to supply the malicious input to an ImageMagick process that reads from stdin [1].
Impact
Successful exploitation results in a denial of service, causing the application to crash. The description also mentions the possibility of other unspecified impacts, but no further details are provided [1].
Mitigation
The vulnerability is fixed in ImageMagick version 7.0.6-1. The fix involves setting entry->seekable_stream=MagickTrue for the MPC and CACHE coders, as shown in commits [2] and [3]. Users should upgrade to version 7.0.6-1 or later. If upgrading is not possible, avoid processing untrusted images from stdin or other unseekable streams.
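The upgrade guidance above can be checked mechanically. The following is an added example (not code from ImageMagick or from this page) that parses an upstream version banner or bare version string and compares it with the fixed releases listed on this page; the per-branch mapping in `FIXED` and the sample strings are assumptions.

```python
import re

# Fixed upstream releases from the page's ranges (< 6.9.9-0 and < 7.0.6-1).
# Assumption: each range applies to the release branch with that major version.
FIXED = {6: (6, 9, 9, 0), 7: (7, 0, 6, 1)}

# Upstream versions look like 7.0.6-1; the "-N" patch level may be absent.
_NUM = r"(\d+)\.(\d+)\.(\d+)(?:-(\d+))?"
_BANNER = re.compile(r"ImageMagick\s+" + _NUM + r"(?![.\d])")
_BARE = re.compile(r"\s*" + _NUM + r"\s*")


def parse_version(text):
    """Return (major, minor, micro, patch) from a version banner or bare string."""
    m = _BANNER.search(text) or _BARE.fullmatch(text)
    if m is None:
        # Distro package versions (e.g. 6.8.8.1-71.23.1) carry backports and
        # must be checked against the vendor ranges, not the upstream ones.
        raise ValueError(f"not an upstream ImageMagick version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def triage(text):
    """Classify a version as 'affected' or 'fixed' for CVE-2017-11449."""
    version = parse_version(text)
    major = version[0]
    if major < min(FIXED):
        return "affected"  # below the < 6.9.9-0 range
    if major > max(FIXED):
        return "fixed"     # newer branch than both fixed releases
    return "affected" if version < FIXED[major] else "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the page.
    samples = [
        "Version: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org",
        "7.0.6-0",
        "7.0.6-1",
    ]
    for s in samples:
        print(f"{s!r}: {triage(s)}")
```

Distribution packages such as the SUSE builds listed under Affected products use their own version scheme, so the function rejects them rather than guessing.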
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* range: < 6.9.9-0
- (no CPE) range: < 7.0.6-1
- osv-coords, 16 versions:
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 range: < 1.2.5-4.78.28.2
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3 range: < 1.2.5-4.78.28.2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 range: < 6.8.8.1-71.23.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 range: < 6.8.8.1-71.23.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 range: < 6.4.3.6-7.78.22.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 range: < 6.8.8.1-71.23.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 range: < 6.8.8.1-71.23.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 range: < 6.8.8.1-71.23.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 range: < 6.4.3.6-7.78.22.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 range: < 6.8.8.1-71.23.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 range: < 6.8.8.1-71.23.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 range: < 6.4.3.6-7.78.22.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 range: < 6.8.8.1-71.23.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 range: < 6.8.8.1-71.23.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2 range: < 6.8.8.1-71.23.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 range: < 6.8.8.1-71.23.1
References
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd: Issue Tracking, Patch, Third Party Advisory)
- github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1 (nvd: Issue Tracking, Patch, Third Party Advisory)
- github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3 (nvd: Issue Tracking, Patch, Third Party Advisory)
- github.com/ImageMagick/ImageMagick/issues/556 (nvd: Issue Tracking, Patch, Third Party Advisory)
- www.securityfocus.com/bid/99958 (nvd: Third Party Advisory, VDB Entry)