CVE-2018-11624Use After Free in Imagemagick

CWE-416Use After Free7 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 34.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ImagemagickDebian Imagemagick
Timeline
PublishedMay 31
Latest updateMay 14

Description

In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/imagemagick< imagemagick 8:6.9.10.2+dfsg-2 (bookworm)
Debianimagemagick/imagemagick< 8:6.9.10.2+dfsg-2+3

🔴Vulnerability Details

2
GHSA
GHSA-5mpm-mmw7-qpwp: In ImageMagick 72022-05-14
OSV
CVE-2018-11624: In ImageMagick 72018-05-31

📋Vendor Advisories

2
Red Hat
ImageMagick: use after free in ReadMATImage function in coders/mat.c2018-05-29
Debian
CVE-2018-11624: imagemagick - In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows at...2018

💬Community

2
Bugzilla
CVE-2018-11624 ImageMagick: use after free in ReadMATImage function in coders/mat.c2018-05-31
Bugzilla
CVE-2018-11624 ImageMagick: use after free in ReadMATImage function in coders/mat.c [fedora-all]2018-05-31