CVE-2018-15607
Published: 21 August 2018
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Notes
Author | Note |
---|---|
sbeattie |
no code fix upstream, solution is to limit sizes allowed in policy.xml file some resource limits were not in place until 2018; e.g. 00097eb42c2ea812d4a26e6683b000d4354f5fad 4d0ac66c9778faebd2d1fac7140462b043626458 1aea20aa815c41e9e2edbebb09fcdedfec064c89 60658b89de660ce8f5a2e795a0a76d3755bcef15 4493d9ca1124564da17f9b628ef9d0f1a6be9738 b8e26639f76b2e9f965584106a6819ee1d50095b 740985d9bd3f1c50d622c3496bb2e75d44b65a91 (CVE-2017-18028) bionic and newer versions have policy limits in place by default that prevent the issue |
mdeslaur |
adding this commit to bionic causes test failures, need to investigate further. |
Priority
Status
Package | Release | Status |
---|---|---|
imagemagick
Launchpad, Ubuntu, Debian |
bionic |
Released
(8:6.9.7.4+dfsg-16ubuntu6.7)
|
cosmic |
Released
(8:6.9.10.8+dfsg-1ubuntu2.2)
|
|
disco |
Not vulnerable
(8:6.9.10.14+dfsg-7ubuntu2)
|
|
focal |
Not vulnerable
(8:6.9.10.14+dfsg-7ubuntu2)
|
|
jammy |
Not vulnerable
(8:6.9.10.14+dfsg-7ubuntu2)
|
|
kinetic |
Not vulnerable
(8:6.9.10.14+dfsg-7ubuntu2)
|
|
lunar |
Not vulnerable
(8:6.9.10.14+dfsg-7ubuntu2)
|
|
mantic |
Not vulnerable
(8:6.9.10.14+dfsg-7ubuntu2)
|
|
noble |
Not vulnerable
(8:6.9.10.14+dfsg-7ubuntu2)
|
|
trusty |
Needed
|
|
upstream |
Needs triage
|
|
xenial |
Released
(8:6.8.9.9-7ubuntu5.14)
|
|
Patches:
upstream: https://github.com/ImageMagick/ImageMagick6/commit/d5e7c2b5ba384e7d0d8ddac6c9ae2319cb74b9c5 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |