Learn about CVE-2017-13658, a denial of service vulnerability in ImageMagick versions before 6.9.9-3 and 7.x before 7.0.6-3. Find out how to mitigate and prevent exploitation of this vulnerability.
ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3 is vulnerable to a denial of service due to a lack of NULL check in the ReadMATImage function.
Understanding CVE-2017-13658
This CVE involves a vulnerability in ImageMagick that can lead to a denial of service.
What is CVE-2017-13658?
A missing NULL check in the ReadMATImage function in ImageMagick can result in a denial of service, causing an assertion failure and application exit.
The Impact of CVE-2017-13658
This vulnerability can be exploited to cause a denial of service, potentially disrupting the affected system's functionality.
Technical Details of CVE-2017-13658
ImageMagick versions prior to 6.9.9-3 and 7.x before 7.0.6-3 are affected by this vulnerability.
Vulnerability Description
The lack of a NULL check in the ReadMATImage function can lead to a denial of service in the DestroyImageInfo function in ImageMagick.
Affected Systems and Versions
Exploitation Mechanism
Exploitation relies on reaching the code path in the ReadMATImage function where the NULL check is missing, which leads to a denial of service in ImageMagick.
Mitigation and Prevention
It is crucial to take immediate steps to address and prevent the exploitation of this vulnerability.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
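To decide whether a host needs the update, the version reported by ImageMagick can be compared against the affected range stated above (before 6.9.9-3, and 7.x before 7.0.6-3). The following is an added example, not code from ImageMagick or from the original page; the function names and the sample banners are constructed for illustration, and it assumes the usual `Version: ImageMagick X.Y.Z-N ...` first line of `-version` output.

```python
import re
import shutil
import subprocess

# Fixed releases as stated on this page.
FIXED_6 = (6, 9, 9, 3)
FIXED_7 = (7, 0, 6, 3)
VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")

# Constructed sample banners in the `-version` output format (not from real hosts).
SAMPLES = [
    "Version: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org",
    "Version: ImageMagick 6.9.9-3 Q16 x86_64 2017-08-01 http://www.imagemagick.org",
    "Version: ImageMagick 7.0.6-2 Q16 x86_64 2017-07-30 http://www.imagemagick.org",
    "Version: ImageMagick 7.0.6-3 Q16 x86_64 2017-08-01 http://www.imagemagick.org",
]


def parse_version(banner):
    """Extract (major, minor, patch, release) as integers from a version banner."""
    match = VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no ImageMagick version found in %r" % banner[:80])
    return tuple(int(part) for part in match.groups())


def is_affected(banner):
    """True if the upstream version falls in the range this page lists as affected."""
    version = parse_version(banner)
    # 7.x is compared against the 7.x fix; everything older against the 6.x fix.
    fixed = FIXED_7 if version[0] >= 7 else FIXED_6
    return version < fixed


def local_banner():
    """Return local `-version` output, or None if no ImageMagick tool is on PATH."""
    for tool in ("magick", "convert"):
        path = shutil.which(tool)
        if path:
            return subprocess.run([path, "-version"], capture_output=True, text=True, timeout=10).stdout
    return None


if __name__ == "__main__":
    banners = SAMPLES + [b for b in [local_banner()] if b]
    for banner in banners:
        try:
            print(is_affected(banner), banner.splitlines()[0])
        except ValueError as err:
            print("skipped:", err)
```

Distribution packages can carry backported fixes under an older upstream version number, so treat a positive result as a prompt to check the vendor's advisory for that package rather than as confirmation.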