Jump to:

CVE-2018-16323

Jump to:

CVE-2018-16323

Package ImageMagick updated to version 6.9.10.9-alt1 for branch sisyphus in task 211114.

Published: 2018-09-01
Modified: 2024-11-21

CVE-2018-16323

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786
https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786
USN-3785-1
USN-3785-1
USN-4034-1
USN-4034-1
45890
45890

Version: 2.1.0

Package ImageMagick update in sisyphus on 2018-08-07

ALT-PU-2018-2106-1

Closed vulnerabilities

CVE-2018-16323