Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-16323Sensitive Information Exposure in Imagemagick

CWE-200Sensitive Information ExposureCWE-665Improper Initialization11 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
87.5%
top 0.53%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
ImagemagickDebian ImagemagickCanonical Ubuntu Linux
Timeline
PublishedSep 1
Latest updateMay 13

Description

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/imagemagick< imagemagick 8:6.9.10.14+dfsg-1 (bookworm)
NVDimagemagick/imagemagick7.0.0-07.0.8-9+1
Debianimagemagick/imagemagick< 8:6.9.10.14+dfsg-1+3
Ubuntuimagemagick/imagemagick< 8:6.7.7.10-6ubuntu3.13+2

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10, 19.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-q2cj-g3jg-cp49: ReadXBMImage in coders/xbm2022-05-13
OSV
imagemagick vulnerabilities2018-10-04
OSV
CVE-2018-16323: ReadXBMImage in coders/xbm2018-09-01

💥Exploits & PoCs

1
Exploit-DB
ImageMagick - Memory Leak2018-11-19

📋Vendor Advisories

4
Ubuntu
ImageMagick vulnerabilities2019-06-25
Ubuntu
ImageMagick vulnerabilities2018-10-04
Red Hat
ImageMagick: Information leak in ReadXBMImage in coders/xbm.c2018-07-24
Debian
CVE-2018-16323: imagemagick - ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitial...2018

💬Community

2
Bugzilla
CVE-2018-16323 ImageMagick: Information leak in ReadXBMImage in coders/xbm.c2018-09-03
Bugzilla
CVE-2018-16323 ImageMagick: Information leak in ReadXBMImage in coders/xbm.c [fedora-all]2018-09-03