CVE-2018-16328

Published: 01 September 2018

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
Upstream
Released (8:6.9.10.8+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
Patches:
Other: https://github.com/ImageMagick/ImageMagick/commit/107ce8577e818cf4801e5a59641cb769d645cc95
Other: https://github.com/ImageMagick/ImageMagick6/commit/68e4f4d22abaf97b61019ea85f74e2f639d0e93e

Notes

AuthorNote
sbeattie
introduced in 6.x by 403c002c5c7ff120c09683d6f263b66d2b83c9b4
(6.9.9-22)

References