CVE-2018-16323
Published 2018-09-01
Priority P3 54 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 49.32% (98.7th percentile)
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | imagemagick | < imagemagick 8:6.9.10.14+dfsg-1 (bookworm) | imagemagick 8:6.9.10.14+dfsg-1 (bookworm) |
| imagemagick | imagemagick | < 6.9.10-9 | 6.9.10-9 |
| imagemagick | imagemagick | >= 0 < 8:6.9.10.14+dfsg-1 | 8:6.9.10.14+dfsg-1 |
| imagemagick | imagemagick | >= 0 < 8:6.9.10.14+dfsg-1 | 8:6.9.10.14+dfsg-1 |
| imagemagick | imagemagick | >= 0 < 8:6.9.10.14+dfsg-1 | 8:6.9.10.14+dfsg-1 |
| imagemagick | imagemagick | >= 0 < 8:6.9.10.14+dfsg-1 | 8:6.9.10.14+dfsg-1 |
| imagemagick | imagemagick | >= 0 < 8:6.7.7.10-6ubuntu3.13 | 8:6.7.7.10-6ubuntu3.13 |
| imagemagick | imagemagick | >= 0 < 8:6.8.9.9-7ubuntu5.13 | 8:6.8.9.9-7ubuntu5.13 |
| imagemagick | imagemagick | >= 0 < 8:6.9.7.4+dfsg-16ubuntu6.4 | 8:6.9.7.4+dfsg-16ubuntu6.4 |
| imagemagick | imagemagick | >= 7.0.0-0 < 7.0.8-9 | 7.0.8-9 |
Detection & IOCs
- Detect XBM files submitted to ImageMagick processing pipelines that contain a negative pixel value (e.g., 0x80000001) in the pixel data array; this is the trigger for the uninitialized memory read.
- Monitor for XBM files being converted to output image formats (PNG, JPEG, GIF, etc.) by ImageMagick; the leaked memory is recoverable from the output image's pixel data via hex extraction.
- Flag use of ImageMagick versions prior to 7.0.8-9 processing XBM input, particularly in web services where user-supplied images are accepted; the vulnerability leaks process memory into image output.
- The vulnerability is scoped as 'local' by Debian; exploitation requires the ability to supply a crafted XBM file to an ImageMagick-based process that also handles sensitive in-memory data.
- Red Hat marked all affected RHEL packages (5, 6, 7, 8) as 'Will not fix', meaning patched ImageMagick RPMs are not available from Red Hat for those platforms.
- Memory leakage is probabilistic ('sometimes can be leaked'), so absence of leaked data in output does not confirm a patched or unexploitable instance.
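A pre-filter for the first detection point above, as an added example that is not code from this page or from ImageMagick: it scans the pixel array of an uploaded XBM file and reports literals that are negative, or that become negative when held in a 32-bit signed integer (such as the 0x80000001 value quoted above). The function name, the sample files, the 16-bit range limit and the decimal reading of non-hex literals are assumptions made for this sketch.

```python
import re

# Constructed sample inputs, written for this example only.
BENIGN_XBM = b"""#define t_width 16
#define t_height 2
static char t_bits[] = {
  0x00, 0xff, 0x3c, 0x81 };
"""
SUSPECT_XBM = b"""#define t_width 16
#define t_height 2
static char t_bits[] = {
  0x00, 0x80000001, 0x3c, -1 };
"""

ARRAY_RE = re.compile(rb"\{([^}]*)\}")
LITERAL_RE = re.compile(r"^([+-]?)(0[xX][0-9a-fA-F]+|[0-9]+)$")
MAX_XBM_WORD = 0xFFFF  # assumption: bytes (X11) or 16-bit words (X10) only


def suspicious_pixels(data: bytes):
    """Return (index, token, reason) for every pixel literal that is negative,
    is negative when held in a 32-bit signed int, or is out of XBM range."""
    body = ARRAY_RE.search(data)
    if body is None:
        return []
    findings = []
    tokens = body.group(1).decode("ascii", "replace").split(",")
    for index, raw in enumerate(tokens):
        token = raw.strip()
        if not token:
            continue  # trailing comma before the closing brace
        literal = LITERAL_RE.match(token)
        if literal is None:
            findings.append((index, token, "not an integer literal"))
            continue
        sign, digits = literal.groups()
        # Assumption: non-hex literals are read as decimal, not C octal.
        value = int(digits, 16) if digits[:2].lower() == "0x" else int(digits, 10)
        if sign == "-":
            findings.append((index, token, "explicit negative literal"))
        elif value & 0x80000000:
            findings.append((index, token, "negative as 32-bit signed int"))
        elif value > MAX_XBM_WORD:
            findings.append((index, token, "outside 16-bit XBM range"))
    return findings
```

A clean result from this filter does not replace upgrading to a fixed ImageMagick build; it only rejects the obvious trigger before the file reaches the decoder.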
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:P/I:N/A:N
osv · 6.5 MEDIUM
vendor_debian · 6.5 MEDIUM
vendor_redhat · 6.5 MEDIUM
vendor_ubuntu · 6.5 MEDIUM
GHSA
GHSA-q2cj-g3jg-cp49: ReadXBMImage in coders/xbm
ghsa_unreviewed·2022-05-13
CVE-2018-16323 [MEDIUM] CWE-200 GHSA-q2cj-g3jg-cp49: ReadXBMImage in coders/xbm
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
OSV
imagemagick vulnerabilities
osv·2018-10-04·CVSS 6.5
[MEDIUM] imagemagick vulnerabilities
Due to a large number of issues discovered in GhostScript that prevent
it from being used by ImageMagick safely, this update includes a
default policy change that disables support for the Postscript and
PDF formats in ImageMagick. This policy can be overridden if necessary
by using an alternate ImageMagick policy configuration.
It was discovered that several memory leaks existed when handling
certain images in ImageMagick. An attacker could use this to cause a
denial of service. (CVE-2018-14434, CVE-2018-14435, CVE-2018-14436,
CVE-2018-14437, CVE-2018-16640, CVE-2018-16750)
It was discovered that ImageMagick did not properly initialize a
variable before using it when processing MAT images. An attacker could
use this to cause a denial of service or possibly ex
OSV
CVE-2018-16323: ReadXBMImage in coders/xbm
osv·2018-09-01·CVSS 6.5
CVE-2018-16323 [MEDIUM] CVE-2018-16323: ReadXBMImage in coders/xbm
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2019-06-25
CVE-2017-12805 ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.
Due to a large number of issues discovered in GhostScript that prevent it
from being used by ImageMagick safely, the update for Ubuntu 18.10 and
Ubuntu 19.04 includes a default policy change that disables support for the
Postscript and PDF formats in ImageMagick. This policy can be overridden if
necessary by using an alternate ImageMagick policy configuration.
Instructions
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2018-10-04·CVSS 6.5
CVE-2018-14434 [MEDIUM] ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
Due to a large number of issues discovered in GhostScript that prevent
it from being used by ImageMagick safely, this update includes a
default policy change that disables support for the Postscript and
PDF formats in ImageMagick. This policy can be overridden if necessary
by using an alternate ImageMagick policy configuration.
It was discovered that several memory leaks existed when handling
certain images in ImageMagick. An attacker could use this to cause a
denial of service. (CVE-2018-14434, CVE-2018-14435, CVE-2018-14436,
CVE-2018-14437, CVE-2018-16640, CVE-2018-16750)
It was discovered that ImageMagick did not properly initialize a
variable before using it when processing MAT images. An
Red Hat
ImageMagick: Information leak in ReadXBMImage in coders/xbm.c
vendor_redhat·2018-07-24·CVSS 6.5
CVE-2018-16323 [MEDIUM] CWE-665 ImageMagick: Information leak in ReadXBMImage in coders/xbm.c
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
Package: ImageMagick (Red Hat Enterprise Linux 5) - Will not fix
Package: ImageMagick (Red Hat Enterprise Linux 6) - Will not fix
Package: ImageMagick (Red Hat Enterprise Linux 7) - Will not fix
Package: ImageMagick (Red Hat Enterprise Linux 8) - Will not fix
Debian
CVE-2018-16323: imagemagick - ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitial...
vendor_debian·2018·CVSS 6.5
CVE-2018-16323 [MEDIUM] CVE-2018-16323: imagemagick - ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitial...
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.14+dfsg-1)
bullseye: resolved (fixed in 8:6.9.10.14+dfsg-1)
forky: resolved (fixed in 8:6.9.10.14+dfsg-1)
sid: resolved (fixed in 8:6.9.10.14+dfsg-1)
trixie: resolved (fixed in 8:6.9.10.14+dfsg-1)
No detection rules found.
Bugzilla
CVE-2018-16323 ImageMagick: Information leak in ReadXBMImage in coders/xbm.c
bugzilla·2018-09-03·CVSS 6.5
CVE-2018-16323 [MEDIUM] CVE-2018-16323 ImageMagick: Information leak in ReadXBMImage in coders/xbm.c
A flaw was found in ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9, which leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
References:
https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786
Discussion:
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1624965]
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2018-16323
Bugzilla
CVE-2018-16323 ImageMagick: Information leak in ReadXBMImage in coders/xbm.c [fedora-all]
bugzilla·2018-09-03·CVSS 6.5
CVE-2018-16323 [MEDIUM] CVE-2018-16323 ImageMagick: Information leak in ReadXBMImage in coders/xbm.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppor
https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786
https://usn.ubuntu.com/3785-1/
https://usn.ubuntu.com/4034-1/
https://www.exploit-db.com/exploits/45890/