CVE-2018-15607

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-15607

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15607.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-15607

Related

USN-4034-1

Published

2018-08-21T15:29:00Z

Modified

2024-08-01T08:41:49.535429Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

References

Affected packages

Debian:11 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.3

8:6.9.11.60+dfsg-1.3+deb11u1

8:6.9.11.60+dfsg-1.3+deb11u2

8:6.9.11.60+dfsg-1.3+deb11u3

8:6.9.11.60+dfsg-1.4

8:6.9.11.60+dfsg-1.5

8:6.9.11.60+dfsg-1.6

8:6.9.12.20+dfsg1-1

8:6.9.12.20+dfsg1-1.1

8:6.9.12.20+dfsg1-1.2

8:6.9.12.98+dfsg1-1

8:6.9.12.98+dfsg1-2

8:6.9.12.98+dfsg1-3

8:6.9.12.98+dfsg1-4

8:6.9.12.98+dfsg1-5

8:6.9.12.98+dfsg1-5.1~exp1

8:6.9.12.98+dfsg1-5.1

8:6.9.12.98+dfsg1-5.2

8:6.9.13.12+dfsg1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.6

8:6.9.11.60+dfsg-1.6+deb12u1

8:6.9.12.20+dfsg1-1

8:6.9.12.20+dfsg1-1.1

8:6.9.12.20+dfsg1-1.2

8:6.9.12.98+dfsg1-1

8:6.9.12.98+dfsg1-2

8:6.9.12.98+dfsg1-3

8:6.9.12.98+dfsg1-4

8:6.9.12.98+dfsg1-5

8:6.9.12.98+dfsg1-5.1~exp1

8:6.9.12.98+dfsg1-5.1

8:6.9.12.98+dfsg1-5.2

8:6.9.13.12+dfsg1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.6

8:6.9.12.20+dfsg1-1

8:6.9.12.20+dfsg1-1.1

8:6.9.12.20+dfsg1-1.2

8:6.9.12.98+dfsg1-1

8:6.9.12.98+dfsg1-2

8:6.9.12.98+dfsg1-3

8:6.9.12.98+dfsg1-4

8:6.9.12.98+dfsg1-5

8:6.9.12.98+dfsg1-5.1~exp1

8:6.9.12.98+dfsg1-5.1

8:6.9.12.98+dfsg1-5.2

8:6.9.13.12+dfsg1-1

Ecosystem specific

{
    "urgency": "unimportant"
}