In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
{ "vanir_signatures": [ { "signature_type": "Line", "digest": { "line_hashes": [ "298871696389629155284717183490975032472", "28410204597529120706238128142211346520", "266622275964940873483939931408488320853", "242540208099304219285832213890642484568" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/imagemagick/imagemagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4", "id": "CVE-2018-16749-c74ff6cf", "target": { "file": "coders/png.c" }, "deprecated": false }, { "signature_type": "Function", "digest": { "length": 14962.0, "function_hash": "4859487235691391041003765874819701615" }, "signature_version": "v1", "source": "https://github.com/imagemagick/imagemagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4", "id": "CVE-2018-16749-fc5a5880", "target": { "function": "ReadOneJNGImage", "file": "coders/png.c" }, "deprecated": false } ] }