Out of Bounds Write Vulnerability in ImageMagick Software from ImageMagick
CVE-2018-12599

8.8HIGH

Key Information:

Vendor

Debian
Status
Debian Linux
Ubuntu Linux
Vendor
CVE Published:
20 June 2018

What is CVE-2018-12599?

In ImageMagick versions prior to an update, the functions ReadBMPImage and WriteBMPImage within coders/bmp.c are susceptible to an out of bounds write vulnerability. This flaw allows an attacker to exploit crafted BMP files, potentially compromising the integrity and security of the application. It is essential for users to remain vigilant and apply the necessary updates to mitigate any risks associated with this vulnerability.

References

https://lists.debian.org/debian-lts-announce/2018/06/msg0...
mailing-listx_refsource_MLIST
https://usn.ubuntu.com/3711-1/
vendor-advisoryx_refsource_UBUNTU
https://github.com/ImageMagick/ImageMagick/issues/1177
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.