PT-2018-3176 · Imagemagick+4 · Imagemagick+4

Zongming Wang

Published

2018-06-20

Updated

2020-04-08

CVE-2018-12600

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick versions 7.0.8-3 Q16

Description The issue is related to the ReadDIBImage and WriteDIBImage functions in the coders/dib.c file of the ImageMagick console graphic editor. It involves a buffer overflow, where writing beyond the memory buffer boundaries can occur. This can be exploited by a remote attacker using a specially crafted file, potentially allowing them to execute arbitrary code.

Recommendations For ImageMagick version 7.0.8-3 Q16, consider disabling the ReadDIBImage and WriteDIBImage functions in coders/dib.c as a temporary workaround until a patch is available. Restrict access to these functions to minimize the risk of exploitation. Avoid using crafted files that could trigger the out of bounds write vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2019-04307

CESA-2020_1180

CVE-2018-12600

DLA-1394-1

DSA-4245-1

OPENSUSE-SU-2018_2123-1

OPENSUSE-SU-2018_3225-1

RHSA-2020:1180

RHSA-2020_1180

SUSE-SU-2018:2043-1

SUSE-SU-2018:2465-1

SUSE-SU-2018:3191-1

USN-3711-1

Affected Products

Centos

Imagemagick

Red Hat

Suse

Ubuntu

PT-2018-3176 · Imagemagick+4 · Imagemagick+4

CVE-2018-12600

Weakness Enumeration

Related Identifiers

Affected Products

References · 63