CVE-2018-5685 — Infinite Loop in Graphicsmagick

CWE-835 — Infinite Loop10 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.8%

top 25.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick Debian Linux

Timeline

PublishedJan 14

Latest updateMar 27

Description

In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.3.27-4 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.3.27-4+3

▶Ubuntugraphicsmagick/graphicsmagick< 1.4+really1.3.35-1ubuntu0.1+3

▶NVDgraphicsmagick/graphicsmagick1.3.27

Also affects: Debian Linux 7.0, 8.0, 9.0

Patches

Patch: hg.graphicsmagick.org ↗Patch: hg.graphicsmagick.org ↗

🔴Vulnerability Details

OSV

graphicsmagick vulnerabilities↗2023-03-27

▶

GHSA

GHSA-3r44-xhxh-qh7x: In GraphicsMagick 1↗2022-05-13

▶

OSV

CVE-2018-5685: In GraphicsMagick 1↗2018-01-14

▶

💥Exploits & PoCs

Exploit-DB

PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation↗2021-01-06

▶

📋Vendor Advisories

Ubuntu

GraphicsMagick vulnerabilities↗2023-03-27

▶

Debian

CVE-2018-5685: graphicsmagick - In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ...↗2018

▶

💬Community

Bugzilla

CVE-2018-5685 GraphicsMagick: Infinite loop and application hang in coders/bmp.c:ReadBMPImage [epel-all]↗2018-01-22

▶

Bugzilla

CVE-2018-5685 GraphicsMagick: Infinite loop and application hang in coders/bmp.c:ReadBMPImage↗2018-01-22

▶

Bugzilla

CVE-2018-5685 GraphicsMagick: Infinite loop and application hang in coders/bmp.c:ReadBMPImage [fedora-all]↗2018-01-22

▶