CVE-2018-12599

Published: Jun 20, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.

Affected (7)

Products: Canonical: Ubuntu Linux · Debian: Debian Linux · Imagemagick: Imagemagick

1 product

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10
Canonical Ubuntu Linux	Version 18.04
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 7.0.8-3

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

https://github.com/ImageMagick/ImageMagick/issues/1177

Source: cve@mitre.org

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/06/msg00004.html

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3711-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4245

Source: cve@mitre.org

Third Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/1177

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/06/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3711-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4245

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.