CVE-2017-12674

Vulnerability

In ImageMagick 7.0.6-2, the ReadPDBImage function in coders/pdb.c contains a CPU exhaustion vulnerability. The function reads a comment_offset value from the input file and then attempts to skip padding bytes by reading one byte at a time in a loop (while (num_pad_bytes--) ReadBlobByte(image)). If the comment_offset is larger than the file size, the loop never terminates, causing infinite CPU consumption. [2]

Exploitation

An attacker must craft a PDB file with a comment_offset value that exceeds the actual file size. The attacker then needs to trick a user or automated system into processing this file with ImageMagick (e.g., via the convert command). No authentication or special privileges are required beyond the ability to supply the file. [2]

Impact

Successful exploitation results in denial of service due to CPU exhaustion. The ImageMagick process hangs indefinitely, consuming CPU resources. No code execution or data disclosure is indicated in the available references. [1][2]

Mitigation

The vulnerability is fixed in later versions of ImageMagick. Ubuntu users can apply the updates provided in USN-3681-1, which include patched packages for Ubuntu 18.04 LTS and other releases. Users should update to the latest ImageMagick version. No workaround is documented. [1]