Out of Bounds Write Vulnerability in ImageMagick by ImageMagick Studio LLC
CVE-2018-12600

8.8HIGH

Key Information:

Vendor

Debian
Status
Debian Linux
Ubuntu Linux
Vendor
CVE Published:
20 June 2018

What is CVE-2018-12600?

The out of bounds write vulnerability in ImageMagick version 7.0.8-3 Q16 affects the ReadDIBImage and WriteDIBImage functions, allowing attackers to exploit specifically crafted files. This vulnerability could lead to unintended memory modifications, resulting in application instability or potentially enabling further attacks. It is crucial for users of ImageMagick to apply the security updates as recommended by the vendor to mitigate these risks.

References

https://lists.debian.org/debian-lts-announce/2018/06/msg0...
mailing-listx_refsource_MLIST
https://usn.ubuntu.com/3711-1/
vendor-advisoryx_refsource_UBUNTU
https://github.com/ImageMagick/ImageMagick/issues/1178
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.