What is the severity of CVE-2018-13153?

The severity of CVE-2018-13153 is classified as moderate due to its memory leak nature in ImageMagick.

How can I fix CVE-2018-13153?

To fix CVE-2018-13153, upgrade ImageMagick to a version higher than 7.0.8-4.

Which versions of ImageMagick are affected by CVE-2018-13153?

CVE-2018-13153 affects ImageMagick version 7.0.8-4 and earlier versions.

What type of vulnerability is CVE-2018-13153?

CVE-2018-13153 is a memory leak vulnerability found in the XMagickCommand function.

Is CVE-2018-13153 exploitable remotely?

CVE-2018-13153 is not directly exploitable remotely, but it can affect applications processing untrusted images.

Vulnerability/
CVE-2018-13153

medium

6.5

CWE

772

4/7/2018

5/7/2018

5/8/2024

CVE-2018-13153

First published: Wed Jul 04 2018(Updated: )

A flaw was found in ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. References: <a href="https://github.com/ImageMagick/ImageMagick/issues/1195">https://github.com/ImageMagick/ImageMagick/issues/1195</a> Upstream Patch: <a href="https://github.com/ImageMagick/ImageMagick/commit/4ab4849d667e26df0e63ece9d63ae23bc7ab0fa1">https://github.com/ImageMagick/ImageMagick/commit/4ab4849d667e26df0e63ece9d63ae23bc7ab0fa1</a> <a href="https://github.com/ImageMagick/ImageMagick6/commit/6ce6d25b47caf9b6b2979a510b6202ce0f3dd2d4">https://github.com/ImageMagick/ImageMagick6/commit/6ce6d25b47caf9b6b2979a510b6202ce0f3dd2d4</a>

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
IBM Data Risk Manager	<=2.0.6
ubuntu/imagemagick	<8:6.9.7.4+dfsg-16ubuntu2.3	8:6.9.7.4+dfsg-16ubuntu2.3
ubuntu/imagemagick	<8:6.9.7.4+dfsg-16ubuntu6.3	8:6.9.7.4+dfsg-16ubuntu6.3
ubuntu/imagemagick	<8:6.7.7.10-6ubuntu3.12	8:6.7.7.10-6ubuntu3.12
ubuntu/imagemagick	<8:6.8.9.9-7ubuntu5.12	8:6.8.9.9-7ubuntu5.12
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.13.12+dfsg1-1
ImageMagick	=7.0.8-4
Ubuntu Linux	=14.04
Ubuntu Linux	=16.04
Ubuntu Linux	=17.10
Ubuntu Linux	=18.04

Remedy

https://github.com/ImageMagick/ImageMagick6/commit/6ce6d25b47caf9b6b2979a510b6202ce0f3dd2d4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2018-13153?
The severity of CVE-2018-13153 is classified as moderate due to its memory leak nature in ImageMagick.
How can I fix CVE-2018-13153?
To fix CVE-2018-13153, upgrade ImageMagick to a version higher than 7.0.8-4.
Which versions of ImageMagick are affected by CVE-2018-13153?
CVE-2018-13153 affects ImageMagick version 7.0.8-4 and earlier versions.
What type of vulnerability is CVE-2018-13153?
CVE-2018-13153 is a memory leak vulnerability found in the XMagickCommand function.
Is CVE-2018-13153 exploitable remotely?
CVE-2018-13153 is not directly exploitable remotely, but it can affect applications processing untrusted images.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-13153
agent/remedy
agent/weakness
agent/severity
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/description
collector/usn-cve
source/Ubuntu
agent/references
collector/security-tracker-debian
source/Debian
collector/launchpad-cve
source/Launchpad
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
vendor/ibm
canonical/ibm data risk manager
version/ibm data risk manager/2.0.6
package-manager/ubuntu
package-manager/debian
vendor/imagemagick
canonical/imagemagick
version/imagemagick/7.0.8-4
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/14.04
version/ubuntu linux/16.04
version/ubuntu linux/17.10
version/ubuntu linux/18.04