CVE-2018-20189
Last modified
CVE-2018-20189 is a vulnerability of currently unknown severity. In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.. EPSS estimates a 2.28% chance of exploitation in the next 30 days.
Description
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Graphicsmagick | Graphicsmagick | 1.3.31 |
| Debian | Debian Linux | 8.0 |
References
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589Mailing List, Patch, Vendor Advisory
- http://www.securityfocus.com/bid/106227Third Party Advisory, VDB Entry
- https://lists.debian.org/debian-lts-announce/2018/12/msg00018.htmlMailing List, Third Party Advisory
- https://sourceforge.net/p/graphicsmagick/bugs/585/Exploit, Third Party Advisory
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589Mailing List, Patch, Vendor Advisory
- http://www.securityfocus.com/bid/106227Third Party Advisory, VDB Entry
- https://lists.debian.org/debian-lts-announce/2018/12/msg00018.htmlMailing List, Third Party Advisory
- https://sourceforge.net/p/graphicsmagick/bugs/585/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-20189?
How severe is CVE-2018-20189?
How do I fix CVE-2018-20189?
Are you affected by CVE-2018-20189?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST