CVE-2017-14172
Description
A missing EOF check in ImageMagick's ReadPSImage() allows a crafted PostScript file to cause a denial of service via excessive CPU and memory consumption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In ImageMagick 7.0.7-0 Q16, the ReadPSImage() function in coders/ps.c lacks an end-of-file (EOF) check inside a loop that reads Photoshop profile data. When a crafted PostScript file claims a large extent field in its header but does not contain sufficient backing data, the loop at line 664 iterates over the declared length without verifying that the blob actually holds that many bytes. This flaw is similar to issue #712 [3]. The vulnerable code path is reachable when any user or automated system processes a malicious PS file with ImageMagick [2][3].
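A simplified model of the loop pattern described above, added here as an example; it is not ImageMagick's code, and `Blob`, `blob_read_byte`, the `read_profile_*` functions and `demo_iterations` are hypothetical names. It counts how many iterations the loop performs when the declared extent exceeds the backing data, with and without an EOF check.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical in-memory blob standing in for the reader's input stream. */
typedef struct { const unsigned char *data; size_t length, offset; } Blob;

/* Constructed sample: only 4 bytes of real data back the declared extent. */
static const unsigned char sample[] = { 0x01, 0x02, 0x03, 0x04 };

/* Returns the next byte, or EOF once the backing data is exhausted. */
static int blob_read_byte(Blob *blob)
{
    if (blob->offset >= blob->length)
        return EOF;
    return blob->data[blob->offset++];
}

/* Unchecked pattern: trusts the declared extent, so the loop keeps running
   long after the data has run out (a real reader would also store each byte). */
static size_t read_profile_unchecked(Blob *blob, size_t extent)
{
    size_t i;
    for (i = 0; i < extent; i++)
        (void) blob_read_byte(blob);
    return i; /* iterations performed */
}

/* Checked pattern: stops as soon as the reader reports EOF. */
static size_t read_profile_checked(Blob *blob, size_t extent)
{
    size_t i;
    for (i = 0; i < extent; i++)
        if (blob_read_byte(blob) == EOF)
            break;
    return i; /* bytes actually read */
}

/* Runs one of the two loops over the constructed sample. */
static size_t demo_iterations(int checked, size_t extent)
{
    Blob blob = { sample, sizeof sample, 0 };
    return checked ? read_profile_checked(&blob, extent)
                   : read_profile_unchecked(&blob, extent);
}

int main(void)
{
    printf("unchecked: %zu iterations\n", demo_iterations(0, 1000000));
    printf("checked:   %zu iterations\n", demo_iterations(1, 1000000));
    return 0;
}
```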
Exploitation
An attacker needs only to craft a PostScript file with an inflated extent value and minimal actual data. No authentication or special network position is required; the victim must simply open the file with an ImageMagick tool such as convert. The PoC file x_ps_poc.ps triggers the vulnerability by causing the loop at line 664 to run for a very large number of iterations, consuming 100% CPU and up to 8 GB of RAM for approximately 30 minutes [3].
Impact
Successful exploitation results in a denial of service (DoS) due to extreme CPU and memory consumption. The process may become unresponsive or be terminated by the system. No code execution or data disclosure is associated with this specific CVE [3].
Mitigation
The issue was fixed in commit bdbbb13f1fe9b7e2465502c500561720f7456aac [2]. Ubuntu released updated packages in USN-3681-1 [1], and Gentoo recommends upgrading to >=media-gfx/imagemagick-6.9.9.20 [4]. No workaround is available; users should apply the latest patches for their distribution.
- [1] USN-3681-1: ImageMagick vulnerabilities | Ubuntu security notices | Ubuntu
- [2] https://github.com/ImageMagick/ImageMagick/issues/715 · ImageMagick/ImageMagick@bdbbb13
- [3] CVE-2017-14172: denial of service (DoS) issue in ReadPSImage():664 in coders/ps.c
- [4] Multiple vulnerabilities (GLSA 201711-07) — Gentoo security
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (22)
- cpe:2.3:a:imagemagick:imagemagick:7.0.7-0:*:*:*:*:*:*:*
- (no CPE) range: = 7.0.7-0 Q16
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- osv-coords (14 versions, no CPE), each with its affected range:
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 (range: < 6.8.8.1-71.17.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (range: < 6.8.8.1-71.17.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (range: < 6.4.3.6-7.78.14.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 (range: < 6.8.8.1-71.17.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (range: < 6.8.8.1-71.17.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 (range: < 6.8.8.1-71.17.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (range: < 6.4.3.6-7.78.14.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (range: < 6.8.8.1-71.17.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (range: < 6.8.8.1-71.17.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (range: < 6.4.3.6-7.78.14.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 (range: < 6.8.8.1-71.17.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (range: < 6.8.8.1-71.17.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2 (range: < 6.8.8.1-71.17.1)
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 (range: < 6.8.8.1-71.17.1)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (6)
- github.com/ImageMagick/ImageMagick/commit/bdbbb13f1fe9b7e2465502c500561720f7456aac (nvd: Patch, Vendor Advisory)
- github.com/ImageMagick/ImageMagick/issues/715 (nvd: Exploit, Issue Tracking, Patch, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2019/05/msg00015.html (nvd: Third Party Advisory)
- lists.debian.org/debian-lts-announce/2020/09/msg00007.html (nvd: Third Party Advisory)
- security.gentoo.org/glsa/201711-07 (nvd: Third Party Advisory)
- usn.ubuntu.com/3681-1/ (nvd: Third Party Advisory)
News mentions
No linked articles in our index yet.