CVE-2018-20189 — Improper Input Validation in Graphicsmagick

CWE-20 — Improper Input Validation10 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

1.7%

top 17.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick Debian Linux

Timeline

PublishedDec 17

Latest updateMar 27

Description

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.4~hg15873-1 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.4~hg15873-1+3

▶Ubuntugraphicsmagick/graphicsmagick< 1.4+really1.3.35-1ubuntu0.1+3

▶NVDgraphicsmagick/graphicsmagick1.3.31

Also affects: Debian Linux 8.0

Patches

Patch: hg.graphicsmagick.org ↗Patch: hg.graphicsmagick.org ↗

🔴Vulnerability Details

OSV

graphicsmagick vulnerabilities↗2023-03-27

▶

GHSA

GHSA-g57h-69c2-w5qc: In GraphicsMagick 1↗2022-05-13

▶

OSV

CVE-2018-20189: In GraphicsMagick 1↗2018-12-17

▶

📋Vendor Advisories

Ubuntu

GraphicsMagick vulnerabilities↗2023-03-27

▶

Ubuntu

GraphicsMagick vulnerabilities↗2019-12-03

▶

Debian

CVE-2018-20189: graphicsmagick - In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulner...↗2018

▶

💬Community

Bugzilla

CVE-2018-20189 GraphicsMagick: denial of service via a dib file↗2018-12-21

▶

Bugzilla

CVE-2018-20189 GraphicsMagick: denial of service via a dib file [epel-all]↗2018-12-21

▶

Bugzilla

CVE-2018-20189 GraphicsMagick: denial of service via a dib file [fedora-all]↗2018-12-21

▶