CVE-2018-16323
published 2018-09-01


Priority: P354 medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 49.32% (98.7th percentile)
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.

Affected

15 ranges
Vendor       Product       Version range                                 Fixed in
canonical    ubuntu_linux
canonical    ubuntu_linux
canonical    ubuntu_linux
canonical    ubuntu_linux
canonical    ubuntu_linux
debian       imagemagick   < imagemagick 8:6.9.10.14+dfsg-1 (bookworm)   imagemagick 8:6.9.10.14+dfsg-1 (bookworm)
imagemagick  imagemagick   < 6.9.10-9                                    6.9.10-9
imagemagick  imagemagick   >= 0 < 8:6.9.10.14+dfsg-1                     8:6.9.10.14+dfsg-1
imagemagick  imagemagick   >= 0 < 8:6.9.10.14+dfsg-1                     8:6.9.10.14+dfsg-1
imagemagick  imagemagick   >= 0 < 8:6.9.10.14+dfsg-1                     8:6.9.10.14+dfsg-1
imagemagick  imagemagick   >= 0 < 8:6.9.10.14+dfsg-1                     8:6.9.10.14+dfsg-1
imagemagick  imagemagick   >= 0 < 8:6.7.7.10-6ubuntu3.13                 8:6.7.7.10-6ubuntu3.13
imagemagick  imagemagick   >= 0 < 8:6.8.9.9-7ubuntu5.13                  8:6.8.9.9-7ubuntu5.13
imagemagick  imagemagick   >= 0 < 8:6.9.7.4+dfsg-16ubuntu6.4             8:6.9.7.4+dfsg-16ubuntu6.4
imagemagick  imagemagick   >= 7.0.0-0 < 7.0.8-9                          7.0.8-9

Detection & IOCs (extracted from sources)

path: coders/xbm.c
url: https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786
  • Detect XBM files submitted to ImageMagick processing pipelines that contain a negative pixel value (e.g., 0x80000001) in the pixel data array — this is the trigger for the uninitialized memory read.
  • Monitor for XBM files being converted to output image formats (PNG, JPEG, GIF, etc.) by ImageMagick; the leaked memory is recoverable from the output image's pixel data via hex extraction.
  • Flag use of ImageMagick versions prior to 7.0.8-9 processing XBM input, particularly in web services where user-supplied images are accepted — the vulnerability leaks process memory into image output.
  • The vulnerability is scoped as 'local' by Debian; exploitation requires the ability to supply a crafted XBM file to an ImageMagick-based process that also handles sensitive in-memory data.
  • Red Hat marked all affected RHEL packages (5, 6, 7, 8) as 'Will not fix', meaning patched ImageMagick RPMs are not available from Red Hat for those platforms.
  • Memory leakage is probabilistic ('sometimes can be leaked'), so absence of leaked data in output does not confirm a patched or unexploitable instance.
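
One way to implement the first check in the list above, as an added example that is not code from the advisory or from ImageMagick: a pre-filter that parses an XBM file's pixel array and flags entries that are negative when stored in a signed 32-bit integer. Treating "negative" as 32-bit two's complement is an assumption based on the 0x80000001 example; the function names and both sample inputs are constructed for illustration.

```python
import re

# Hex literals as they appear in an XBM C array, with an optional sign.
HEX = re.compile(r"-?0[xX][0-9a-fA-F]+")
DEFINE = re.compile(r"#define\s+\w+_(width|height)\s+(\d+)")

def as_int32(literal):
    """Value of a C hex literal when stored in a signed 32-bit int (assumed model)."""
    return (int(literal, 16) + 2**31) % 2**32 - 2**31

def scan_xbm(text):
    """Return (dims, findings); findings lists pixel-array entries that are negative."""
    dims = {name: int(value) for name, value in DEFINE.findall(text)}
    start = text.find("{")
    end = text.rfind("}")
    if start == -1:
        return dims, []          # no pixel array at all
    if end < start:
        end = len(text)          # unterminated array: scan to end of file
    findings = []
    for index, match in enumerate(HEX.finditer(text[start + 1:end])):
        value = as_int32(match.group())
        if value < 0:
            findings.append({"index": index, "literal": match.group(), "int32": value})
    return dims, findings

# Constructed sample input (not taken from a real file or from the page's sources).
SAMPLE_XBM = """\
#define sample_width 16
#define sample_height 2
static char sample_bits[] = {
  0xff, 0x00, 0x80000001, 0x0f };
"""

# Same file with the flagged entry replaced by an ordinary byte value.
BENIGN_XBM = SAMPLE_XBM.replace("0x80000001", "0x81")

if __name__ == "__main__":
    for label, data in (("sample", SAMPLE_XBM), ("benign", BENIGN_XBM)):
        dims, findings = scan_xbm(data)
        print(label, dims, "FLAG" if findings else "ok", findings)
```

A clean result only describes the input file; it says nothing about whether the ImageMagick version that will process it is patched.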

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     6.5    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd            v2.0     4.3    MEDIUM    AV:N/AC:M/Au:N/C:P/I:N/A:N
osv                     6.5    MEDIUM
vendor_debian           6.5    MEDIUM
vendor_redhat           6.5    MEDIUM
vendor_ubuntu           6.5    MEDIUM