CVE-2018-15607

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
imagemagickimagemagick
7.0.8-11:q16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
imagemagick
bionic
Fixed 8:6.9.7.4+dfsg-16ubuntu6.7
released
cosmic
Fixed 8:6.9.10.8+dfsg-1ubuntu2.2
released
disco
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
needed
xenial
Fixed 8:6.8.9.9-7ubuntu5.14
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
ImageMagick
RHEL 7
0:6.9.10.68-3.el7
fixed
ImageMagick-c
RHEL 7
0:6.9.10.68-3.el7
fixed
ImageMagick-devel
RHEL 7
0:6.9.10.68-3.el7
fixed
ImageMagick-doc
RHEL 7
0:6.9.10.68-3.el7
fixed
ImageMagick-perl
RHEL 7
0:6.9.10.68-3.el7
fixed
autotrace
RHEL 7
0:0.31.1-38.el7
fixed
autotrace-devel
RHEL 7
0:0.31.1-38.el7
fixed
emacs
RHEL 7
1:24.3-23.el7
fixed
emacs-common
RHEL 7
1:24.3-23.el7
fixed
emacs-el
RHEL 7
1:24.3-23.el7
fixed
emacs-filesystem
RHEL 7
1:24.3-23.el7
fixed
emacs-nox
RHEL 7
1:24.3-23.el7
fixed
emacs-terminal
RHEL 7
1:24.3-23.el7
fixed
inkscape
RHEL 7
0:0.92.2-3.el7
fixed
inkscape-docs
RHEL 7
0:0.92.2-3.el7
fixed
inkscape-view
RHEL 7
0:0.92.2-3.el7
fixed
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105137
https://github.com/ImageMagick/ImageMagick/issues/1255
https://usn.ubuntu.com/4034-1/
http://www.securityfocus.com/bid/105137
https://github.com/ImageMagick/ImageMagick/issues/1255
https://usn.ubuntu.com/4034-1/