In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
],
"extracted_events": [
{
"introduced": "14.04"
},
{
"last_affected": "14.04"
},
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "17.10"
},
{
"last_affected": "17.10"
},
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
}
],
"source": "CPE_STRING",
"vendor_product": "canonical:ubuntu_linux"
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
},
{
"introduced": "10.0"
},
{
"last_affected": "10.0"
}
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux"
},
{
"cpes": [
"cpe:2.3:a:imagemagick:imagemagick:7.0.7-0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "7.0.7-0"
},
{
"last_affected": "7.0.7-0"
},
{
"introduced": "7.0.7-0"
},
{
"last_affected": "7.0.7-0"
}
],
"source": "CPE_STRING",
"vendor_product": "imagemagick:imagemagick"
}
]
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14174.json"
"2026-07-11T18:14:57Z"
[
{
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8",
"signature_type": "Function",
"id": "CVE-2017-14174-31c4e883",
"digest": {
"length": 9900.0,
"function_hash": "227917248977604756752895232461377639028"
},
"deprecated": false,
"target": {
"function": "ReadPSDLayersInternal",
"file": "coders/psd.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/f68a98a9d385838a1c73ec960a14102949940a64",
"signature_type": "Function",
"id": "CVE-2017-14174-bd106eba",
"digest": {
"length": 9724.0,
"function_hash": "74929056351228355100111006193809748399"
},
"deprecated": false,
"target": {
"function": "ReadPSDLayersInternal",
"file": "coders/psd.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/f68a98a9d385838a1c73ec960a14102949940a64",
"signature_type": "Line",
"id": "CVE-2017-14174-bee63ba2",
"digest": {
"line_hashes": [
"119178249013279704618013376981903919060",
"253136456020829464413097838557476855346",
"215046673533424231018582341993883771574",
"337916046612336122829028477682898819654"
],
"threshold": 0.9
},
"deprecated": false,
"target": {
"file": "coders/psd.c"
}
}
]