CVE-2018-12599 — Out-of-bounds Write in Imagemagick

Severity

8.8HIGHNVD

EPSS

0.4%

top 42.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 20

Latest updateMay 14

Description

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

▶debiandebian/imagemagick< imagemagick 8:6.9.10.2+dfsg-2 (bookworm)

▶Debianimagemagick/imagemagick< 8:6.9.10.2+dfsg-2+3

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04

GHSA

GHSA-3gpg-jmj2-prg2: In ImageMagick 7↗2022-05-14

▶

OSV

CVE-2018-12599: In ImageMagick 7↗2018-06-20

▶

Ubuntu

ImageMagick vulnerabilities↗2018-07-11

▶

Red Hat

ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c↗2018-06-19

▶

Debian

CVE-2018-12599: imagemagick - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow...↗2018

▶

Bugzilla

CVE-2018-12599 ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c↗2018-06-22

▶

Bugzilla

CVE-2018-12599 ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c [fedora-all]↗2018-06-22

▶