First published: Fri Mar 30 2018(Updated: )
A flaw was found in ImageMagick 7.0.7-26 Q16. An excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. References: <a href="https://github.com/ImageMagick/ImageMagick/issues/1072">https://github.com/ImageMagick/ImageMagick/issues/1072</a> Patch: <a href="https://github.com/ImageMagick/ImageMagick/commit/089fca04e0130549fa15f48ace3f56e30a06049a">https://github.com/ImageMagick/ImageMagick/commit/089fca04e0130549fa15f48ace3f56e30a06049a</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | =7.0.7-26-q16 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
Canonical Ubuntu Linux | =18.04 | |
IBM Data Risk Manager | <=2.0.6 | |
debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-9133 is a vulnerability in ImageMagick version 7.0.7-26 Q16 that allows a remote attacker to cause a denial of service.
CVE-2018-9133 has a severity rating of 6.5, which is considered medium.
To fix CVE-2018-9133 in ImageMagick 7.0.7-26 Q16, you need to apply the patch provided by IBM if you are using IBM Data Risk Manager. For other affected software, you can update to the patched versions listed in the reference URLs.
Yes, Ubuntu is affected by CVE-2018-9133. You can find the specific affected versions and the corresponding patched versions in the reference URLs.
The Common Weakness Enumeration (CWE) ID for CVE-2018-9133 is CWE-834.