CVE-2018-16642 — Out-of-bounds Write in Imagemagick

CWE-787 — Out-of-bounds Write10 documents7 sources

Severity

6.5MEDIUMNVD

OSV9.8

EPSS

0.3%

top 46.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Php5 Debian Imagemagick +2 more

Timeline

PublishedSep 6

Latest updateMay 14

Description

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.10.2+dfsg-2 (bookworm)

▶Debianimagemagick/imagemagick< 8:6.9.10.2+dfsg-2+3

▶Ubuntuimagemagick/imagemagick< 8:6.7.7.10-6ubuntu3.13+2

▶NVDimagemagick/imagemagick7.0.7-37

▶Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.23

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-f9hm-9p3q-v78c: The function InsertRow in coders/cut↗2022-05-14

▶

OSV

imagemagick vulnerabilities↗2018-10-04

▶

OSV

CVE-2018-16642: The function InsertRow in coders/cut↗2018-09-06

▶

OSV

php5 vulnerabilities↗2018-02-12

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2018-10-04

▶

Red Hat

ImageMagick: out-of-bounds write in InsertRow function in coders/cut.c↗2018-06-01

▶

Debian

CVE-2018-16642: imagemagick - The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote att...↗2018

▶

💬Community

Bugzilla

CVE-2018-16642 ImageMagick: out-of-bounds write in InsertRow function in coders/cut.c [fedora-all]↗2018-09-07

▶

Bugzilla

CVE-2018-16642 ImageMagick: out-of-bounds write in InsertRow function in coders/cut.c↗2018-09-07

▶