Source: security-advisories@github.com
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick, a widely used image processing software, is vulnerable to a Denial of Service (DoS) attack. A crafted JPEG image can trigger an infinite loop within the JPEG encoding process, leading to 100% CPU utilization and a system freeze, effectively rendering the affected system unusable. This vulnerability can be exploited by uploading or processing malicious images.
Step 1: Payload Delivery: An attacker crafts a malicious JPEG image. This image is designed to trigger a write failure during the JPEG encoding process, specifically within the extent binary search loop.
Step 2: Image Processing: The victim system, using a vulnerable version of ImageMagick, attempts to process the malicious JPEG image. This could be triggered by a user uploading the image, a web server processing it, or any other process that uses ImageMagick.
Step 3: Triggering the Vulnerability: During the JPEG encoding process, the crafted image causes a persistent write failure, which is then handled by the continue statement within the extent binary search loop.
Step 4: Infinite Loop: The continue statement restarts the loop, and the write failure persists. The loop repeats indefinitely, consuming 100% of the CPU resources.
Step 5: Denial of Service: The system becomes unresponsive due to the CPU exhaustion, resulting in a DoS.
The vulnerability lies within the JPEG encoder's binary search loop for extent determination. A continue statement within this loop, triggered by persistent write failures, causes the loop to restart indefinitely instead of handling the error gracefully. This leads to the encoder consuming all available CPU resources, resulting in a DoS. The root cause is a flawed error handling mechanism within the JPEG encoding process, specifically the failure to properly manage write errors during extent calculations. The lack of proper error handling allows the loop to continue indefinitely, consuming all available CPU resources. The specific function affected is likely related to the WriteJPEGImage or associated functions within the ImageMagick codebase, specifically the part that handles the binary search for JPEG extent determination.
While no specific APTs or malware are known to be actively exploiting this vulnerability at this time, the widespread use of ImageMagick makes it a potentially attractive target. The lack of a public PoC suggests that it is not yet widely known or exploited. CISA KEV status: Not Listed.
High CPU utilization by ImageMagick processes (e.g., convert, magick).
Unusually long processing times for image-related tasks.
Network traffic spikes associated with image processing if the vulnerability is triggered via a network service.
System logs showing repeated error messages related to JPEG encoding or write failures within ImageMagick processes.
Monitoring of ImageMagick process resource usage (CPU, memory, disk I/O).
Upgrade to ImageMagick version 7.1.2-15 or 6.9.13-40 or later. These versions contain the patch that addresses the vulnerability.
Implement input validation to restrict the types and sizes of images that can be processed. This can prevent the upload or processing of malicious images.
Monitor ImageMagick processes for excessive CPU usage and implement alerts.
Regularly update ImageMagick and other software components to the latest versions.
Consider using a web application firewall (WAF) to filter malicious image uploads.
Implement rate limiting on image processing requests to mitigate potential DoS attacks.
If possible, restrict the functionality of ImageMagick to only the necessary features.