ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can pass a wpg file to the application to cause a large loop that consumes large amount of CPU through the ReadWPGImage()
function in coders/wpg.c
.
github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
github.com/ImageMagick/ImageMagick/issues/654
github.com/jgj212
github.com/jgj212/poc/blob/master/cpu-ReadWPGImage
lists.debian.org/debian-lts-announce/2019/05/msg00015.html
lists.debian.org/debian-lts-announce/2020/09/msg00007.html
usn.ubuntu.com/3681-1/