GraphicsMagick ReadTIFFImage Function Denial of Service Vulnerability [CVE-2017-18229]

CVE number = CVE-2017-18229

A vulnerability in the ReadTIFFImage function of GraphicsMagick could allow an attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper memory operations that are performed by the affected software when the ReadTIFFImage function, as defined in the coders/tiff.c source code file of the affected software, is used. An attacker could exploit this vulnerability to cause the affected software to stop functioning, resulting in a DoS condition on the targeted system.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

GraphicsMagick has confirmed the vulnerability and released a software patch.

Analysis
  • To exploit this vulnerability, the attacker must have local access to the targeted system or may use misleading language and instructions to persuade a targeted user on the local system to open a crafted file.
Safeguards
  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to access local systems.

    Users are advised not to open unsolicited email attachments. Users should verify that attachments are safe before opening them.

    Administrators are advised to monitor affected systems.

Vendor Announcements
  • GraphicsMagick has released a bug report at the following link: Bug 461
Fixed Software





Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: