VIR Vulnerability Intelligence Relay

CVE-2018-16329

unknown
Published β€” Β· Modified β€”
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
β€”

Description

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker Β· View original β†— Β· DFSG

CVE-2018-16329 NameCVE-2018-16329 DescriptionIn ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on…

CVE-2018-16329

NameCVE-2018-16329
DescriptionIn ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
imagemagick (PTS)bullseye8:6.9.11.60+dfsg-1.3+deb11u4fixed
bullseye (security)8:6.9.11.60+dfsg-1.3+deb11u12fixed
bookworm8:6.9.11.60+dfsg-1.6+deb12u9fixed
bookworm (security)8:6.9.11.60+dfsg-1.6+deb12u10fixed
trixie8:7.1.1.43+dfsg1-1+deb13u8fixed
trixie (security)8:7.1.1.43+dfsg1-1+deb13u9fixed
forky8:7.1.2.21+dfsg1-1fixed
sid8:7.1.2.23+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
imagemagicksource(unstable)(not affected)

Notes

- imagemagick <not-affected> (Only affects 7.x)
https://github.com/ImageMagick/ImageMagick/issues/1225
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2c75f301d9ac84f91071393b02d8c88c8341c91c

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
- imagemagick <not-affected> (Only affects 7.x)https://github.com/ImageMagick/ImageMagick/issues/1225Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2c75f301d9ac84f91071393b02d8c88c8341c91c

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debianbookwormfixed0
debian debianbullseyefixed0
debian debianforkyfixed0
debian debiansidfixed0
debian debiantrixiefixed0

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.