The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.

Upstream bug:
https://github.com/ImageMagick/ImageMagick/issues/528

Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/78b819628b6a9429f0c33b72e695b4df0b32faea

References:
https://bugzilla.novell.com/show_bug.cgi?id=1049796
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867826
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11478.html

Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1474420]