{"id":"CVE-2017-14174","details":"In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large \"length\" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.","modified":"2026-04-11T04:38:10.669738Z","published":"2017-09-07T06:29:00.390Z","related":["SUSE-SU-2018:0017-1","SUSE-SU-2018:0043-1","SUSE-SU-2018:0197-1","SUSE-SU-2018:0413-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3681-1/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201711-07"},{"type":"REPORT","url":"https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/issues/714"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"last_affected":"27f8ba82ddd665ab41cef6588128f680cbd69905"},{"fixed":"04a567494786d5bb50894fc8bb8fea0cf496bea8"},{"fixed":"f68a98a9d385838a1c73ec960a14102949940a64"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0.7-0"}]}}],"versions":["7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-10","7.0.2-2","7.0.2-3","7.0.2-4","7.0.2-5","7.0.2-6","7.0.2-7","7.0.2-8","7.0.2-9","7.0.3-0","7.0.3-1","7.0.3-10","7.0.3-2","7.0.3-3","7.0.3-4","7.0.3-5","7.0.3-6","7.0.3-7","7.0.3-8","7.0.3-9","7.0.4-0","7.0.4-1","7.0.4-10","7.0.4-2","7.0.4-3","7.0.4-4","7.0.4-5","7.0.4-6","7.0.4-7","7.0.4-8","7.0.4-9","7.0.5-0","7.0.5-1","7.0.5-10","7.0.5-2","7.0.5-3","7.0.5-4","7.0.5-5","7.0.5-6","7.0.5-7","7.0.5-8","7.0.5-9","7.0.6-0","7.0.6-1","7.0.6-2","7.0.6-3","7.0.6-4","7.0.6-5","7.0.6-6","7.0.6-7","7.0.6-8","7.0.6-9","7.0.7-0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"vanir_signatures":[{"target":{"function":"ReadPSDLayersInternal","file":"coders/psd.c"},"deprecated":false,"id":"CVE-2017-14174-31c4e883","signature_type":"Function","digest":{"length":9900,"function_hash":"227917248977604756752895232461377639028"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8"},{"target":{"file":"coders/psd.c"},"deprecated":false,"id":"CVE-2017-14174-706abace","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["32049726182043773295831741800393104160","116815506679453889333938500875355286678","37599358493580759400267485990006730898","222087902911553895177657525699636973625","118404880492283785480432832241024075699","1752188889627796884148367525604958584","181111959647521990704820429920478013314","282473728919783827309401937559219838893","111981894211551939028127913553521763473","253814620399284480092793794610979086869","119178249013279704618013376981903919060","79015034135935460010600351486705185641","84432751106280033825734581237973625459","38746096759329930751540293879158257427","169056012500103527471030818501857572731","99985599913578047027501822907550074458","90597545397212835860869979680209699699","176494185004056987080038562589558949699","163454091415429016158157889608230868526","159286878803305277457820501179634130341","275651103362991085692720818461891371356","159797418556431481999465662563907980449","86815602352660556175091687456637381012","28680800489996102525268462193067873767","162094283140213643827941153996951279603"]},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8"},{"target":{"function":"ReadPSDLayersInternal","file":"coders/psd.c"},"deprecated":false,"id":"CVE-2017-14174-bd106eba","signature_type":"Function","digest":{"length":9724,"function_hash":"74929056351228355100111006193809748399"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/f68a98a9d385838a1c73ec960a14102949940a64"},{"target":{"file":"coders/psd.c"},"deprecated":false,"id":"CVE-2017-14174-bee63ba2","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["119178249013279704618013376981903919060","253136456020829464413097838557476855346","215046673533424231018582341993883771574","337916046612336122829028477682898819654"]},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/f68a98a9d385838a1c73ec960a14102949940a64"}],"vanir_signatures_modified":"2026-04-11T04:38:10Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14174.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}