coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "296576753049857096586843797763829914288", "17993968790903987893231608497524273411", "74798947103659407401994916661248484088", "254940942221285631757059878358456099993" ] }, "id": "CVE-2017-11449-58e5c83f", "source": "https://github.com/imagemagick/imagemagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1", "signature_version": "v1", "signature_type": "Line", "target": { "file": "coders/mpc.c" }, "deprecated": false }, { "digest": { "function_hash": "50210246413655033184503255044832953378", "length": 574.0 }, "id": "CVE-2017-11449-708197e3", "source": "https://github.com/imagemagick/imagemagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3", "signature_version": "v1", "signature_type": "Function", "target": { "file": "coders/mpc.c", "function": "RegisterMPCImage" }, "deprecated": false }, { "digest": { "function_hash": "251578031712684776628625108905241346480", "length": 650.0 }, "id": "CVE-2017-11449-924c7ba6", "source": "https://github.com/imagemagick/imagemagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1", "signature_version": "v1", "signature_type": "Function", "target": { "file": "coders/mpc.c", "function": "RegisterMPCImage" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "289790261950978927062890139494971400293", "42955579105180743444049797488509417119", "40782650941201800503312105572279006367", "50560069848468478718187569227748359994", "185946262822082868847179569053753178537", "167169125954746693327943733003800258737", "279310443560654285899413573822525098439", "41265843592503498045219320689666491393" ] }, "id": "CVE-2017-11449-da0d90ab", "source": "https://github.com/imagemagick/imagemagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3", "signature_version": "v1", "signature_type": "Line", "target": { "file": "coders/mpc.c" }, "deprecated": false } ] }