CVE-2018-8804

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.7-25 Q16

Description The issue is related to the WriteEPTImage function in the coders/ept.c component of ImageMagick, which allows remote attackers to cause a denial of service, potentially leading to an application crash due to a double free error in MagickCore/memory.c. It may also have other unspecified impacts via a crafted file. Exploitation of this issue could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file.

Recommendations For ImageMagick version 7.0.7-25 Q16, consider disabling the WriteEPTImage function in coders/ept.c as a temporary workaround until a patch is available. Restrict access to potentially vulnerable files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.