CVE-2018-14551

Published: 23 July 2018

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian 		Upstream
Released (6.9.10-8)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (8:6.9.7.4+dfsg-16ubuntu6.4)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://github.com/ImageMagick/ImageMagick/commit/389ecc365a7c61404ba078a72c3fa5a3cf1b4101
Upstream: https://github.com/ImageMagick/ImageMagick6/commit/db7a4be592328af06d776ce3bab24b8c6de5be20 (im6)

Notes

AuthorNote
sbeattie 
introduced in imagemagick6 in
210474b2fac6a661bfa7ed563213920e93e76395
safe to apply fix in any event
ReadMATImageV4 introduced in
e806bc5559474b19114faf235266dbb8f6b206ee, predates xenial etc

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading