CVE-2018-15607

Published: 8/21/2018 Last updated: 8/5/2024 Reserved: 8/21/2018

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 9.30

References (6)

https://github.com/ImageMagick/ImageMagick/issues/1255
http://www.securityfocus.com/bid/105137
https://usn.ubuntu.com/4034-1/
https://github.com/ImageMagick/ImageMagick/issues/1255
http://www.securityfocus.com/bid/105137
https://usn.ubuntu.com/4034-1/