CVE-2018-9133

Published: Mar 30, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.

Affected (5)

Products: Imagemagick: Imagemagick · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 7.0.7-26 q16

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10
Canonical Ubuntu Linux	Version 18.04

Related CWEs

Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

References (6)

https://github.com/ImageMagick/ImageMagick/issues/1072

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html

Source: cve@mitre.org

https://usn.ubuntu.com/3681-1/

Source: cve@mitre.org

Third Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/1072

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3681-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.