GraphicsMagick coders/tiff.c Denial of Service Vulnerability [CVE-2017-10794]

CVE Number –  CVE-2017-10794

A vulnerability in GraphicsMagick could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper memory operations that are performed by the coders/tiff.csource code of the affected software. An attacker could exploit this vulnerability by processing a malicious RGB TIFF picture on the targeted system. A successful exploit could lead to a buffer overflow condition, resulting in a DoS condition on the targeted system.

GraphicsMagick has confirmed the vulnerability and released a software patch.

Analysis
  • To exploit this vulnerability, the attacker must have local access to the targeted system or may use misleading language or instructions to persuade a targeted user on the local system to open a malicious file.
Safeguards
  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to access local systems.

    Users are advised not to open unsolicited email attachments. Users should verify that attachments are safe before opening them.

    Administrators are advised to monitor affected systems.

Vendor Announcements
  • GraphicsMagick has released a commit at the following link: commit a20bee

Fixed Software
  • GraphicsMagick has released a patch at the following link: GraphicsMagick Changeset



Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: