{"id":"CVE-2017-14175","details":"In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.","modified":"2026-04-11T04:47:42.415957Z","published":"2017-09-07T06:29:00.437Z","related":["SUSE-SU-2017:3378-1","SUSE-SU-2017:3388-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3681-1/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201711-07"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/issues/712"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"last_affected":"9871b4ad7400606bbecf7f979b198080f4b107c3"},{"fixed":"d9a8234d211da30baf9526fbebe9a8438ea7e11c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0.6-1"}]}}],"versions":["7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-10","7.0.2-2","7.0.2-3","7.0.2-4","7.0.2-5","7.0.2-6","7.0.2-7","7.0.2-8","7.0.2-9","7.0.3-0","7.0.3-1","7.0.3-10","7.0.3-2","7.0.3-3","7.0.3-4","7.0.3-5","7.0.3-6","7.0.3-7","7.0.3-8","7.0.3-9","7.0.4-0","7.0.4-1","7.0.4-10","7.0.4-2","7.0.4-3","7.0.4-4","7.0.4-5","7.0.4-6","7.0.4-7","7.0.4-8","7.0.4-9","7.0.5-0","7.0.5-1","7.0.5-10","7.0.5-2","7.0.5-3","7.0.5-4","7.0.5-5","7.0.5-6","7.0.5-7","7.0.5-8","7.0.5-9","7.0.6-0","7.0.6-1","7.0.6-2","7
.0.6-3","7.0.6-4","7.0.6-5","7.0.6-6","7.0.6-7","7.0.6-8","7.0.6-9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14175.json","vanir_signatures_modified":"2026-04-11T04:47:42Z","vanir_signatures":[{"source":"https://github.com/imagemagick/imagemagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c","target":{"function":"ReadXBMImage","file":"coders/xbm.c"},"signature_type":"Function","digest":{"length":5095,"function_hash":"215445183312191341726070120287432714269"},"id":"CVE-2017-14175-31f2ab5d","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/imagemagick/imagemagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c","target":{"file":"coders/xbm.c"},"signature_type":"Line","digest":{"line_hashes":[],"threshold":0.9},"id":"CVE-2017-14175-c40afe02","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/imagemagick/imagemagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c","target":{"function":"XBMInteger","file":"coders/xbm.c"},"signature_type":"Function","digest":{"length":551,"function_hash":"189110900927147398612065403524043995321"},"id":"CVE-2017-14175-fc2bfd86","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}