CVE-2018-11624

Published: 31 May 2018

In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(8:6.9.7.4+dfsg-16ubuntu6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://github.com/ImageMagick/ImageMagick6/commit/172d82afe89d3499ef0cab06dc58d380cc1ab946

Notes

AuthorNote
mdeslaur
fixed by 0105-CVE-2017-11644.patch (typo in CVE number)
vulnerability doesn't look present in trusty and xenial

References

Bugs