Denial of Service Vulnerability in ImageMagick 7.0.6-8 WritePDFImage Function

CVE-2017-13132 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.

Learn more about our Web Application Penetration Testing UK.