First published: Mon Dec 17 2018(Updated: )
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Graphicsmagick Graphicsmagick | =1.3.31 | |
Debian Debian Linux | =8.0 | |
debian/graphicsmagick | 1.4+really1.3.36+hg16481-2+deb11u1 1.4+really1.3.40-4 1.4+really1.3.45-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-20189 is a vulnerability found in GraphicsMagick 1.3.31 that allows a crash and denial of service via a crafted dib file.
The severity of CVE-2018-20189 is medium with a severity value of 6.5.
CVE-2018-20189 affects GraphicsMagick 1.3.31, causing a crash and denial of service when processing a crafted dib file.
To fix CVE-2018-20189, you should update your GraphicsMagick installation to version 1.4+really1.3.35-1~deb10u2 or later.
Yes, you can find more information about CVE-2018-20189 at the following links: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589, http://www.securityfocus.com/bid/106227, https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html.