GraphicsMagick ReadEnhMetaFile Function Denial of Service Vulnerability [CVE-2017-18231]

A vulnerability in the ReadEnhMetaFile function of GraphicsMagick could allow an attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper memory operations that are performed by the affected software when the ReadEnhMetaFile function, as defined in the coders/emf.csource code file of the affected software, is used. An attacker could exploit this vulnerability to cause the affected software to stop functioning, resulting in a DoS condition on the targeted system.

GraphicsMagick has confirmed the vulnerability and released a software patch.

CVE number is CVE-2017-18231

Analysis
  • To exploit this vulnerability, the attacker must have local access to the targeted system or may use misleading language and instructions to persuade a targeted user on the local system to open a crafted file.
Safeguards
  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to access local systems.

    Users are advised not to open unsolicited email attachments. Users should verify that attachments are safe before opening them.

    Administrators are advised to monitor affected systems.

Vendor Announcements
  • GraphicsMagick has released a bug report at the following link: Bug 475
Fixed Software





Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: