CVE-2018-16323

Published: 01/09/2018 Updated: 28/04/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

ReadXBMImage in coders/xbm.c in ImageMagick prior to 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.

Vulnerable Product

imagemagick imagemagick

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 19.04

Vendor Advisories

Several security issues were fixed in ImageMagick ...
Debian Bug report logs - #910888 imagemagick: CVE-2018-16644 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 12 Oct 2018 19:24:01 UTC Severity: grave Tags: fixed-upstr ...
Debian Bug report logs - #907776 imagemagick: CVE-2018-16323 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 1 Sep 2018 20:24:02 UTC Severity: important Tags: patch, ...
Debian Bug report logs - #910887 imagemagick: CVE-2018-16412 CVE-2018-16413 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 12 Oct 2018 19:18:02 UTC Severity: grave Ta ...
Debian Bug report logs - #910889 imagemagick: CVE-2018-16645 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 12 Oct 2018 19:27:01 UTC Severity: grave Tags: fixed-upstr ...

Exploits

#!/bin/bash
help() {
    echo "Usage poc generator: `basename $0` gen WIDTHxHEIGHT NAME.xbm [minimal]"
    echo "  Example gen: `basename $0` gen 512x512 poc.xbm"
    echo "Usage result recovery: `basename $0` recover SAVED_PREVIEW.png|jpeg|gif|etc"
    echo "  Example recovery: `basename $0` recover avatar.png"
}
if [ "$1" == "-h" ]; then help; exit ...

Github Repositories

Tool for CVE-2018-16323

XBadManners

CVE Description

CVE-2018-16323 is a memory leakage in processing XBM images. After XBM image was converted to another image type you can extract leaked memory bytes from image data. Discovered by d4d

Tool

A pretty simple tool for generating CVE-2018-16323 PoC. Directory samples contains some pregenerated PoCs easy for use. For using this tool you should install ima