ID CVE-2018-12599
Summary In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • ImageMagick 7.0.8-3
    cpe:2.3:a:imagemagick:imagemagick:7.0.8-3
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-787
CAPEC
nessus via4
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1290.NASL
    description According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.(CVE-2018-12599) - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.(CVE-2018-12600) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117734
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117734
    title EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2018-1290)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1394.NASL
    description Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to cause denial of service (application crash) or out of bounds memory access via crafted SUN, BMP, or DIB image files. For Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u13. We recommend that you upgrade your imagemagick packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 110696
    published 2018-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110696
    title Debian DLA-1394-1 : imagemagick security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2465-1.NASL
    description This update for ImageMagick fixes the following issues: Security issues fixed : - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237) - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204) - CVE-2017-13758: Heap-based buffer overflow in the TracePoint() in MagickCore/draw.c, which allows attackers to cause a denial of service(bsc#1056277) - CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812) - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545) - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546) - CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage in coders/mpc.c (bsc#1102003) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005) - CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112055
    published 2018-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112055
    title SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:2465-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-778.NASL
    description This update for ImageMagick fixes the following issues : The following security vulnerabilities were fixed : - CVE-2018-11625: Fixed heap-based buffer over-read in SetGrayscaleImage in the quantize.c file, which allowed remote attackers to cause buffer over-read via a crafted file. (bsc#1096200) - CVE-2018-11624: Fixed a use-after-free issue in the ReadMATImage function in coders/mat.c. (bsc#1096203) - CVE-2018-10805: Fixed several memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812) - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545). - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546). The following other changes were made : - Fix -gamma issues in special cases. (bsc#1094745, bsc#1094742) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 111430
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111430
    title openSUSE Security Update : ImageMagick (openSUSE-2018-778)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1291.NASL
    description According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.(CVE-2018-12599) - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.(CVE-2018-12600) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117735
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117735
    title EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2018-1291)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3711-1.NASL
    description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111039
    published 2018-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111039
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3711-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4245.NASL
    description This update fixes several vulnerabilities in Imagemagick, a graphical software suite. Various memory handling problems or incomplete input sanitising could result in denial of service or the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 111088
    published 2018-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111088
    title Debian DSA-4245-1 : imagemagick - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1197.NASL
    description This update for ImageMagick fixes the following issues : Security issues fixed : - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072). - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747). - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746). - CVE-2018-12600: ReadDIBImage and WriteDIBImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098545) - CVE-2018-12599: ReadBMPImage and WriteBMPImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098546) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-10-19
    plugin id 118219
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118219
    title openSUSE Security Update : ImageMagick (openSUSE-2018-1197)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2043-1.NASL
    description This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-11625: Fixed heap-based buffer over-read in SetGrayscaleImage in the quantize.c file, which allowed remote attackers to cause buffer over-read via a crafted file. (bsc#1096200) - CVE-2018-11624: Fixed a use-after-free issue in the ReadMATImage function in coders/mat.c. (bsc#1096203) - CVE-2018-10805: Fixed several memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812) - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545). - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546). The following other changes were made : - Fix -gamma issues in special cases. (bsc#1094745, bsc#1094742) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120058
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120058
    title SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2018:2043-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3191-1.NASL
    description This update for ImageMagick fixes the following issues : Security issues fixed : CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069) CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072). CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747). CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746). CVE-2018-12600: ReadDIBImage and WriteDIBImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098545) CVE-2018-12599: ReadBMPImage and WriteBMPImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098546) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118198
    published 2018-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118198
    title SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:3191-1)
refmap via4
confirm https://github.com/ImageMagick/ImageMagick/issues/1177
debian DSA-4245
mlist [debian-lts-announce] 20180626 [SECURITY] [DLA 1394-1] imagemagick security update
ubuntu USN-3711-1
Last major update 20-06-2018 - 14:29
Published 20-06-2018 - 14:29
Last modified 09-08-2018 - 07:05
Back to Top