PT-2018-3176 · Imagemagick+4 · Imagemagick+4

Zongming Wang

Publicado

2018-06-20

Atualizado

2020-04-08

CVE-2018-12600

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick versions 7.0.8-3 Q16

Description The issue is related to the ReadDIBImage and WriteDIBImage functions in the coders/dib.c file of the ImageMagick console graphic editor. It involves a buffer overflow, where writing beyond the memory buffer boundaries can occur. This can be exploited by a remote attacker using a specially crafted file, potentially allowing them to execute arbitrary code.

Recommendations For ImageMagick version 7.0.8-3 Q16, consider disabling the ReadDIBImage and WriteDIBImage functions in coders/dib.c as a temporary workaround until a patch is available. Restrict access to these functions to minimize the risk of exploitation. Avoid using crafted files that could trigger the out of bounds write vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

BDU:2019-04307

CESA-2020_1180

CVE-2018-12600

DLA-1394-1

DSA-4245-1

OPENSUSE-SU-2018_2123-1

OPENSUSE-SU-2018_3225-1

RHSA-2020:1180

RHSA-2020_1180

SUSE-SU-2018:2043-1

SUSE-SU-2018:2465-1

SUSE-SU-2018:3191-1

USN-3711-1

Produtos afetados

Centos

Imagemagick

Red Hat

Suse

Ubuntu

PT-2018-3176 · Imagemagick+4 · Imagemagick+4

CVE-2018-12600

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 63