Skip to main content

Excessive Iteration

CVE-2017-11505

Severity Medium
Score 6.5/10

Summary

The ReadOneJNGImage function in "coders/png.c" in ImageMagick prior to 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • HIGH

CWE-834 - Excessive Iteration

The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

Advisory Timeline

  • Published