CVE-2018-15607

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-15607
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-15607.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-15607
Related
Published
2018-08-21T15:29:00Z
Modified
2024-07-30T06:31:53.112270Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

References

Affected packages

Debian:11 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.3
8:6.9.11.60+dfsg-1.3+deb11u1
8:6.9.11.60+dfsg-1.3+deb11u2
8:6.9.11.60+dfsg-1.3+deb11u3
8:6.9.11.60+dfsg-1.4
8:6.9.11.60+dfsg-1.5
8:6.9.11.60+dfsg-1.6
8:6.9.12.20+dfsg1-1
8:6.9.12.20+dfsg1-1.1
8:6.9.12.20+dfsg1-1.2
8:6.9.12.98+dfsg1-1
8:6.9.12.98+dfsg1-2
8:6.9.12.98+dfsg1-3
8:6.9.12.98+dfsg1-4
8:6.9.12.98+dfsg1-5
8:6.9.12.98+dfsg1-5.1~exp1
8:6.9.12.98+dfsg1-5.1
8:6.9.12.98+dfsg1-5.2
8:6.9.13.12+dfsg1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.6
8:6.9.11.60+dfsg-1.6+deb12u1
8:6.9.12.20+dfsg1-1
8:6.9.12.20+dfsg1-1.1
8:6.9.12.20+dfsg1-1.2
8:6.9.12.98+dfsg1-1
8:6.9.12.98+dfsg1-2
8:6.9.12.98+dfsg1-3
8:6.9.12.98+dfsg1-4
8:6.9.12.98+dfsg1-5
8:6.9.12.98+dfsg1-5.1~exp1
8:6.9.12.98+dfsg1-5.1
8:6.9.12.98+dfsg1-5.2
8:6.9.13.12+dfsg1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.6
8:6.9.12.20+dfsg1-1
8:6.9.12.20+dfsg1-1.1
8:6.9.12.20+dfsg1-1.2
8:6.9.12.98+dfsg1-1
8:6.9.12.98+dfsg1-2
8:6.9.12.98+dfsg1-3
8:6.9.12.98+dfsg1-4
8:6.9.12.98+dfsg1-5
8:6.9.12.98+dfsg1-5.1~exp1
8:6.9.12.98+dfsg1-5.1
8:6.9.12.98+dfsg1-5.2
8:6.9.13.12+dfsg1-1

Ecosystem specific

{
    "urgency": "unimportant"
}