Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-18023

Опубликовано: 07 окт. 2018
Источник: debian
EPSS Низкий

Описание

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
imagemagickfixed8:6.9.10.14+dfsg-1package
imagemagicknot-affectedstretchpackage
imagemagicknot-affectedjessiepackage

Примечания

  • https://github.com/ImageMagick/ImageMagick/issues/1336

  • https://github.com/ImageMagick/ImageMagick/commit/5d71e23b853461dd3628cd1218834fcf13938365

  • ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a5db4873626f702d2ddd8bc293573493e0a412c0

EPSS

Процентиль: 59%
0.00377
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-18023

CVSS3: 6.5
ubuntu
больше 7 лет назад

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.

redhat логотип

CVE-2018-18023

CVSS3: 3.3
redhat
больше 7 лет назад

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.

nvd логотип

CVE-2018-18023

CVSS3: 6.5
nvd
больше 7 лет назад

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.

github логотип

GHSA-4m78-fr6r-52pp

CVSS3: 6.5
github
больше 3 лет назад

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.

EPSS

Процентиль: 59%
0.00377
Низкий