Excessive Iteration

CVE-2017-11360

Medium

6.5/10

Summary

The ReadRLEImage function in coders\rle.c in ImageMagick6 before 6.9.9-0 and ImageMagick7 before 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-834 - Excessive Iteration

The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

References

Issue
Issue
POC/Exploit
Advisory

Advisory Timeline

Published Jul 17, 2017

Excessive Iteration

CVE-2017-11360

Summary

CWE-834 - Excessive Iteration

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS