Your submission was sent successfully! Close

CVE-2018-14551

Published: 23 July 2018

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.

Notes

AuthorNote
sbeattie
introduced in imagemagick6 in
210474b2fac6a661bfa7ed563213920e93e76395
safe to apply fix in any event
ReadMATImageV4 introduced in
e806bc5559474b19114faf235266dbb8f6b206ee, predates xenial etc
Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
bionic
Released (8:6.9.7.4+dfsg-16ubuntu6.4)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (6.9.10-8)
xenial Not vulnerable
(code not present)
Patches:
upstream: https://github.com/ImageMagick/ImageMagick/commit/389ecc365a7c61404ba078a72c3fa5a3cf1b4101
upstream: https://github.com/ImageMagick/ImageMagick6/commit/db7a4be592328af06d776ce3bab24b8c6de5be20 (im6)