CVE-2018-16642

Published: 6 September 2018

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
imagemagick Launchpad, Ubuntu, Debian	bionic	Released (8:6.9.7.4+dfsg-16ubuntu6.4)
	precise	Does not exist
	trusty	Does not exist (trusty was released [8:6.7.7.10-6ubuntu3.13])
	upstream	Released (8:6.9.10.2+dfsg-2)
	xenial	Released (8:6.8.9.9-7ubuntu5.13)
	Patches: upstream: https://github.com/ImageMagick/ImageMagick/commit/cc4ac341f29fa368da6ef01c207deaf8c61f6a2e upstream: https://github.com/ImageMagick/ImageMagick6/commit/97bb5dc5aad1584557057d5062601aa151bf9a13

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16642
https://github.com/ImageMagick/ImageMagick/issues/1162
https://ubuntu.com/security/notices/USN-3785-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2018-16642

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading