CVE-2018-6930 — Out-of-bounds Read in Imagemagick

CWE-125 — Out-of-bounds Read CWE-121 — Stack-based Buffer Overflow10 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 31.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedFeb 13

Latest updateMay 13

Description

A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/imagemagick

▶NVDimagemagick/imagemagick7.0.7-22

🔴Vulnerability Details

GHSA

GHSA-vxrw-8qh6-q57p: A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate↗2022-05-13

▶

📋Vendor Advisories

Red Hat

ImageMagick: Stack-based buffer over-read in the ComputeResizeImage function↗2018-01-31

▶

Debian

CVE-2018-6930: imagemagick - A stack-based buffer over-read in the ComputeResizeImage function in the MagickC...↗2018

▶

💬Community

Bugzilla

CVE-2018-6930 ImageMagick: Stack-based buffer over-read in the ComputeResizeImage function↗2018-02-13

▶

Bugzilla

CVE-2018-6405 CVE-2018-6876 CVE-2018-6930 ImageMagick: various flaws [fedora-all]↗2018-02-05

▶