CVE-2018-16749

Published: 9 September 2018

In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
imagemagick Launchpad, Ubuntu, Debian	bionic	Released (8:6.9.7.4+dfsg-16ubuntu6.4)
	precise	Does not exist
	trusty	Does not exist (trusty was released [8:6.7.7.10-6ubuntu3.13])
	upstream	Released (8:6.9.10.2+dfsg-2)
	xenial	Released (8:6.8.9.9-7ubuntu5.13)
	Patches: upstream: https://github.com/ImageMagick/ImageMagick/commit/3fd58ce46f4a731043e5b7ccf81400d5f60f9a35 upstream: https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16749
https://github.com/ImageMagick/ImageMagick/issues/1119
https://ubuntu.com/security/notices/USN-3785-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2018-16749

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading