CVE-2017-18271
Description
In ImageMagick 7.0.7-16, the MIFF image parser enters an infinite loop via a crafted file, causing CPU exhaustion and denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In ImageMagick 7.0.7-16, the MIFF image parser enters an infinite loop via a crafted file, causing CPU exhaustion and denial of service.
Vulnerability
The vulnerability resides in the ReadMIFFImage function in coders/miff.c of ImageMagick 7.0.7-16 Q16 x86_64 (2017-12-22). The parser lacks an end-of-file (EOF) check in a loop ([1]), causing an infinite loop when processing a crafted MIFF image file. The issue does not require special configuration; default resource policies such as those in policy.xml still allow the loop to consume CPU time until any user-defined timeout (e.g., 120 seconds in the example) is reached.
Exploitation
An attacker must supply a malicious MIFF file to a user or service that processes images with ImageMagick (e.g., via convert or a web application). No authentication or special privileges are needed; the victim need only run the tool on the file (e.g., convert cpu-exhaustion-ReadMIFFImage /dev/null [1]). The loop executes indefinitely, saturating one CPU core.
Impact
Successfully exploiting this vulnerability causes 100% CPU consumption on one core for up to the configured time resource limit (default 120 seconds). This leads to a denial of service (CPU exhaustion) for the affected system or application. No data corruption, privilege escalation, or data breach occurs.
Mitigation
A fix was implemented in ImageMagick commit [1] and is included in version 7.0.7-17 and later. Users should upgrade to the latest stable release. If upgrading is not possible, resource limits (e.g., time in policy.xml) can reduce exposure, but they do not prevent the loop; no complete workaround is available. The issue is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11- Range: = 7.0.7-16 Q16 x86_64 2017-12-22
- osv-coords10 versionspkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
< 1.2.5-78.61.1+ 9 more
- (no CPE)range: < 1.2.5-78.61.1
- (no CPE)range: < 1.2.5-78.61.1
- (no CPE)range: < 6.8.8.1-71.65.1
- (no CPE)range: < 6.4.3.6-78.56.1
- (no CPE)range: < 6.8.8.1-71.65.1
- (no CPE)range: < 6.4.3.6-78.56.1
- (no CPE)range: < 6.8.8.1-71.65.1
- (no CPE)range: < 6.4.3.6-78.56.1
- (no CPE)range: < 6.8.8.1-71.65.1
- (no CPE)range: < 6.8.8.1-71.65.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"An infinite loop occurs in the ReadMIFFImage function due to a lack of an EOF check when reading from the blob."
Attack vector
An attacker can trigger this vulnerability by providing a crafted MIFF image file to the ImageMagick `convert` command. The vulnerability lies within the `ReadMIFFImage` function in `coders/miff.c`. When processing this malicious file, the application enters an infinite loop, leading to CPU exhaustion. The trigger command is `magick convert cpu-exhaustion-ReadMIFFImage /dev/null` [ref_id=1].
Affected code
The vulnerability exists in the `ReadMIFFImage` function located in the file `coders/miff.c`. Specifically, lines 1111-1128 show a `do-while` loop that lacks an EOF check before calling `ReadBlobByte`. This can lead to an infinite loop if the byte read is not the null terminator and the end of the file is reached [ref_id=1].
What the fix does
The patch addresses the infinite loop by introducing an End-Of-File (EOF) check within the `do-while` loop in the `ReadMIFFImage` function. This ensures that the loop terminates correctly when the end of the input stream is reached, preventing the CPU from being exhausted by continuous, unfulfilled read operations. The advisory does not specify the exact patch details, but the fix prevents the infinite loop by ensuring proper termination conditions are met [ref_id=1].
Preconditions
- inputA crafted MIFF image file.
Reproduction
testcase: https://github.com/henices/pocs/raw/master/cpu-exhaustion-ReadMIFFImage [ref_id=1]
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- usn.ubuntu.com/3681-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/ImageMagick/ImageMagick/issues/911mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2018/05/msg00012.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2019/05/msg00015.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2020/09/msg00007.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.