Memory Leak in ImageMagick and GraphicsMagick Software
CVE-2018-18544

6.5MEDIUM

Key Information:

Vendor
Imagemagick
Status
Imagemagick
Graphicsmagick
Vendor
CVE Published:
21 October 2018

Summary

A memory leak exists in the WriteMSLImage function of ImageMagick version 7.0.8-13 Q16 and in the ProcessMSLScript function of GraphicsMagick prior to version 1.3.31. This vulnerability can lead to increased memory consumption over time, potentially affecting application performance and stability. It's crucial for users of these software products to apply the recommended updates to mitigate the risks associated with this vulnerability.

References

https://github.com/ImageMagick/ImageMagick/issues/1360
x_refsource_MISC
http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.