CVE-2018-15607

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
imagemagickimagemagick
7.0.8-11:q16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bullseye
unimportant
bullseye (security)
unimportant
bookworm
unimportant
bookworm (security)
unimportant
trixie
unimportant
sid
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
imagemagick
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
focal
not-affected
disco
not-affected
cosmic
Fixed 8:6.9.10.8+dfsg-1ubuntu2.2
released
bionic
Fixed 8:6.9.7.4+dfsg-16ubuntu6.7
released
xenial
Fixed 8:6.8.9.9-7ubuntu5.14
released
trusty
needed
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105137
https://github.com/ImageMagick/ImageMagick/issues/1255
https://usn.ubuntu.com/4034-1/
http://www.securityfocus.com/bid/105137
https://github.com/ImageMagick/ImageMagick/issues/1255
https://usn.ubuntu.com/4034-1/