CVE-2018-15607

EUVD-2018-7478
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
imagemagickimagemagick
7.0.8-11:q16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
imagemagick
bionic
Fixed 8:6.9.7.4+dfsg-16ubuntu6.7
released
cosmic
Fixed 8:6.9.10.8+dfsg-1ubuntu2.2
released
disco
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
needed
xenial
Fixed 8:6.8.9.9-7ubuntu5.14
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105137
https://github.com/ImageMagick/ImageMagick/issues/1255
https://usn.ubuntu.com/4034-1/
http://www.securityfocus.com/bid/105137
https://github.com/ImageMagick/ImageMagick/issues/1255
https://usn.ubuntu.com/4034-1/