First published: Fri Mar 30 2018(Updated: )
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick | =7.0.7-24-q16 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-9135 is classified as a moderate severity vulnerability.
To fix CVE-2018-9135, update ImageMagick to a version later than 7.0.7-24.
CVE-2018-9135 affects ImageMagick version 7.0.7-24 Q16.
CVE-2018-9135 involves a heap-based buffer overread problem in the IsWEBPImageLossless function.
Yes, CVE-2018-9135 can potentially be exploited remotely through crafted WEBP image files.