CVE-2018-16645
- Source
- https://cve.org/CVERecord?id=CVE-2018-16645
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16645.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-16645
- Downstream
- Related
- Published
- 2018-09-06T22:29:01.427Z
- Modified
- 2026-04-16T06:20:11.414422832Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
- References
-
- https://usn.ubuntu.com/4034-1/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html
- https://usn.ubuntu.com/3785-1/
- https://www.debian.org/security/2018/dsa-4316
- https://github.com/ImageMagick/ImageMagick/issues/1268
- https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832
Affected packages
Git / github.com/imagemagick/imagemagick
Affected versions
7.*
7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.2-0
7.0.2-1
7.0.2-10
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7
7.0.2-8
7.0.2-9
7.0.3-0
7.0.3-1
7.0.3-10
7.0.3-2
7.0.3-3
7.0.3-4
7.0.3-5
7.0.3-6
7.0.3-7
7.0.3-8
7.0.3-9
7.0.4-0
7.0.4-1
7.0.4-10
7.0.4-2
7.0.4-3
7.0.4-4
7.0.4-5
7.0.4-6
7.0.4-7
7.0.4-8
7.0.4-9
7.0.5-0
7.0.5-1
7.0.5-10
7.0.5-2
7.0.5-3
7.0.5-4
7.0.5-5
7.0.5-6
7.0.5-7
7.0.5-8
7.0.5-9
7.0.6-0
7.0.6-1
7.0.6-2
7.0.6-3
7.0.6-4
7.0.6-5
7.0.6-6
7.0.6-7
7.0.6-8
7.0.6-9
7.0.7-0
7.0.7-1
7.0.7-10
7.0.7-11
7.0.7-12
7.0.7-13
7.0.7-14
7.0.7-15
7.0.7-16
7.0.7-17
7.0.7-18
7.0.7-19
7.0.7-2
7.0.7-20
7.0.7-21
7.0.7-22
7.0.7-23
7.0.7-24
7.0.7-25
7.0.7-26
7.0.7-27
7.0.7-28
7.0.7-29
7.0.7-3
7.0.7-30
7.0.7-31
7.0.7-32
7.0.7-33
7.0.7-34
7.0.7-35
7.0.7-36
7.0.7-37
7.0.7-38
7.0.7-39
7.0.7-4
7.0.7-5
7.0.7-6
7.0.7-8
7.0.7-9
7.0.7.7
7.0.8-0
7.0.8-1
7.0.8-10
7.0.8-11
7.0.8-2
7.0.8-3
7.0.8-4
7.0.8-5
7.0.8-6
7.0.8-7
7.0.8-8
7.0.8-9
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16645.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
}
]
vanir_signatures
[
{
"target": {
"file": "coders/bmp.c"
},
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"15432323788640904581586324437415287737",
"197524835849256849431995192612318409024",
"111114671530186682541294304784655426337",
"21105784068787724412190492541832327334"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832",
"id": "CVE-2018-16645-cdb93065"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 23722.0,
"function_hash": "183654264590231335719891573908412061695"
},
"target": {
"function": "ReadBMPImage",
"file": "coders/bmp.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832",
"id": "CVE-2018-16645-e03f0064"
}
]
vanir_signatures_modified
"2026-04-11T12:27:54Z"