CVE-2018-8960

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.7-26 Q16

Description The issue is related to the ReadTIFFImage function in coders/tiff.c, which does not properly restrict memory allocation. This leads to a heap-based buffer over-read, potentially allowing a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For ImageMagick version 7.0.7-26 Q16, consider disabling the ReadTIFFImage function as a temporary workaround until a patch is available. Restrict access to the coders/tiff.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.