4.3
CVSSv2

CVE-2018-16323

Published: 01/09/2018 Updated: 25/06/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 436
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

ReadXBMImage in coders/xbm.c in ImageMagick prior to 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.

Vulnerability Trend

Vendor Advisories

Debian Bug report logs - #910889 imagemagick: CVE-2018-16645 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 12 Oct 2018 19:27:01 UTC Severity: grave Tags: fixed-upstr ...
Debian Bug report logs - #907776 imagemagick: CVE-2018-16323 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 1 Sep 2018 20:24:02 UTC Severity: important Tags: patch, ...
Debian Bug report logs - #910888 imagemagick: CVE-2018-16644 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 12 Oct 2018 19:24:01 UTC Severity: grave Tags: fixed-upstr ...
Several security issues were fixed in ImageMagick ...
Debian Bug report logs - #910887 imagemagick: CVE-2018-16412 CVE-2018-16413 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 12 Oct 2018 19:18:02 UTC Severity: grave Ta ...
Several security issues were fixed in ImageMagick ...
Oracle Solaris Third Party Bulletin - October 2018 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critic ...

Exploits

#!/bin/bash help() { echo "Usage poc generator: `basename $0` gen WIDTHxHEIGHT NAMExbm [minimal]" echo " Example gen: `basename $0` gen 512x512 pocxbm" echo "Usage result recovery: `basename $0` recover SAVED_PREVIEWpng|jpeg|gif|etc" echo " Example recovery: `basename $0` recover avatarpng" } if [ "$1" == "-h" ]; then help; exit ...

Github Repositories

Tool for CVE-2018-16323

XBadManners CVE Description CVE-2018-16323 is a memory leakage in processing XBM images After XBM image was converted to another image type you can extract leaked memory bytes from image data Discovered by d4d Tool A pretty simple tool for generating CVE-2018-16323 PoC Directory samples contains some pregenerated PoCs easy for use For using this tool you should install ima

Exploit Development Table of Contents General Stuff/Techniques Acquiring Old/Vulnerable Software Practice Exploit Dev/Structured Learning Exploit Dev Papers bof ROP BlindROP SignalROP JumpROP Heap Format String Integer Overflows Null Ptr Dereference JIT-Spray ASLR Kernel Exploitation Use After Free Other writing shellcode Windows Specific Linux specific Tutorials AV B

Localroot Compile

Localroot Exploit This repository is a place where Localroot has been compiled and tested Linux Kernel Exploit with Compile #CVE  #Description  #Kernels Linux kernel XFRM Subsystem UAF [3x - 5x kernels] (Ubuntu 1404 / 1604 Server 44 LTS kernels, CentOS 8 418 kernels, Red Hat Enterprise Linux 4 418 kernels, Ubuntu 1804 Server LTS 415 kernels) CVE-2020-72

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr