CVE-2018-16328
Published: 1 September 2018
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
Notes
Author | Note |
---|---|
sbeattie | introduced in 6.x by 403c002c5c7ff120c09683d6f263b66d2b83c9b4 (6.9.9-22) |
Priority
Status
Package | Release | Status |
---|---|---|
imagemagick | upstream | Released (8:6.9.10.8+dfsg-1) |
imagemagick | xenial | Not vulnerable |
imagemagick | bionic | Not vulnerable |
imagemagick | trusty | Not vulnerable |

Patches:
other: https://github.com/ImageMagick/ImageMagick/commit/107ce8577e818cf4801e5a59641cb769d645cc95
other: https://github.com/ImageMagick/ImageMagick6/commit/68e4f4d22abaf97b61019ea85f74e2f639d0e93e
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |