CVE-2017-11538 : Security Advisory and Response

ImageMagick version 7.0.6-1 is vulnerable to a Memory Leak when processing specific files using the convert command.

Understanding CVE-2017-11538

The function WriteOnePNGImage() in coders/png.c of ImageMagick version 7.0.6-1 may experience a Memory Leak when processing a specifically designed file using the convert command.

What is CVE-2017-11538?

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c.

The Impact of CVE-2017-11538

This vulnerability could be exploited by an attacker to cause a denial of service (DoS) by consuming excessive memory resources on the affected system.

Technical Details of CVE-2017-11538

ImageMagick version 7.0.6-1 is susceptible to a Memory Leak vulnerability.

Vulnerability Description

The WriteOnePNGImage() function in coders/png.c of ImageMagick version 7.0.6-1 may leak memory when processing specially crafted files using the convert command.

Affected Systems and Versions

Affected Version: 7.0.6-1
Product: ImageMagick
Vendor: N/A

Exploitation Mechanism

An attacker can exploit this vulnerability by crafting a malicious file and tricking a user into processing it using the convert command, leading to a Memory Leak in the WriteOnePNGImage() function.

Mitigation and Prevention

It is crucial to take immediate steps to mitigate the risks posed by CVE-2017-11538.

Immediate Steps to Take

Update ImageMagick to a non-vulnerable version.
Avoid processing untrusted image files using the convert command.

Long-Term Security Practices

Regularly update software and apply security patches.
Implement proper input validation to prevent the processing of malicious files.

Patching and Updates

Ensure that ImageMagick is regularly updated to the latest version to address known vulnerabilities and improve overall system security.