What is CVE-2018-5248?

CVE-2018-5248 is a vulnerability in ImageMagick 7.0.7-17 Q16 that allows for a heap-based buffer over-read in the ReadSIXELImage function.

How severe is CVE-2018-5248?

CVE-2018-5248 has a severity score of 8.8, indicating a high severity.

Which versions of ImageMagick are affected by CVE-2018-5248?

ImageMagick 7.0.7-17 Q16 is affected by CVE-2018-5248.

How can I fix CVE-2018-5248?

To fix CVE-2018-5248, you should update ImageMagick to version 8:6.9.7.4+dfsg-16ubuntu2.2 or higher.

Where can I find more information about CVE-2018-5248?

You can find more information about CVE-2018-5248 at the following references: [GitHub](https://github.com/ImageMagick/ImageMagick/issues/927), [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2018-5248), [CVE Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5248).

Vulnerability/
CVE-2018-5248

high

8.8

CWE

125

5/1/2018

21/11/2024

CVE-2018-5248

First published: Fri Jan 05 2018(Updated: )

In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	=7.0.7-17
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=17.10
Canonical Ubuntu Linux	=18.04
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3

Remedy

https://github.com/ImageMagick/ImageMagick/commit/c76434c16b5ac8861ee0c5d5c3ab8974fae3d624

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-5248?
CVE-2018-5248 is a vulnerability in ImageMagick 7.0.7-17 Q16 that allows for a heap-based buffer over-read in the ReadSIXELImage function.
How severe is CVE-2018-5248?
CVE-2018-5248 has a severity score of 8.8, indicating a high severity.
Which versions of ImageMagick are affected by CVE-2018-5248?
ImageMagick 7.0.7-17 Q16 is affected by CVE-2018-5248.
How can I fix CVE-2018-5248?
To fix CVE-2018-5248, you should update ImageMagick to version 8:6.9.7.4+dfsg-16ubuntu2.2 or higher.
Where can I find more information about CVE-2018-5248?
You can find more information about CVE-2018-5248 at the following references: [GitHub](https://github.com/ImageMagick/ImageMagick/issues/927), [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2018-5248), [CVE Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5248).

collector/debian-bugs
alias/CVE-2018-5248
collector/nvd-index
agent/type
agent/author
collector/launchpad-cve
source/Launchpad
agent/remedy
agent/weakness
agent/severity
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/tags
agent/first-publish-date
agent/event
agent/description
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/trending
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.7-17
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/17.10
version/canonical ubuntu linux/18.04
package-manager/debian