CVE-2018-6799

Name of the Vulnerable Software and Affected Versions GraphicsMagick versions prior to 1.3.28

Description The issue allows remote attackers to cause a denial of service or possibly have other impact via a crafted image file. This is because a pixel staging area is not used in the AcquireCacheNexus function.

Recommendations For versions prior to 1.3.28, update to version 1.3.28 or later to resolve the issue. As a temporary workaround, consider restricting the use of the AcquireCacheNexus function until a patch is available. Avoid using the function with untrusted image files to minimize the risk of exploitation.