CVE-2017-18252 — Reachable Assertion in Imagemagick

CWE-617 — Reachable Assertion8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 64.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Canonical Ubuntu Linux

Timeline

PublishedMar 27

Latest updateMay 13

Description

An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.9.34+dfsg-3 (bookworm)

▶Debianimagemagick/imagemagick< 8:6.9.9.34+dfsg-3+3

▶NVDimagemagick/imagemagick7.0.7

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, 18.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-7jjh-w2vp-qm6g: An issue was discovered in ImageMagick 7↗2022-05-13

▶

OSV

CVE-2017-18252: An issue was discovered in ImageMagick 7↗2018-03-27

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2018-06-12

▶

Red Hat

ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c↗2017-09-30

▶

Debian

CVE-2017-18252: imagemagick - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in M...↗2017

▶

💬Community

Bugzilla

CVE-2017-18252 ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c↗2018-03-28

▶

Bugzilla

CVE-2017-18250 CVE-2017-18251 CVE-2017-18252 CVE-2017-18253 CVE-2017-18254 CVE-2018-9133 ImageMagick: various flaws [fedora-all]↗2018-03-28

▶