Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-16644
HistorySep 06, 2018 - 10:29 p.m.

CVE-2018-16644

2018-09-0622:29:01
CWE-119
[email protected]
web.nvd.nist.gov
5

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.

Affected configurations

Nvd
Node
imagemagickimagemagickMatch7.0.8-11
Node
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch18.04lts
OR
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
VendorProductVersionCPE
imagemagickimagemagick7.0.8-11cpe:2.3:a:imagemagick:imagemagick:7.0.8-11:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Related

osv 3
alpinelinux 1
prion 1
ubuntucve 1
veracode 1
redhatcve 1
cve 1
cvelist 1
debiancve 1
nessus 22
suse 6
openvas 16
debian 2
cloudfoundry 2
ubuntu 2
mageia 1
redhat 1
centos 1
osv
osv
CVE-2018-16644
2018-09-06 22:29:01
imagemagick - security update
2018-10-12 00:00:00
imagemagick - security update
2018-10-03 00:00:00
alpinelinux
alpinelinux
CVE-2018-16644
2018-09-06 22:29:01
prion
prion
Design/Logic Flaw
2018-09-06 22:29:00
ubuntucve
ubuntucve
CVE-2018-16644
2018-09-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-10-05 02:27:11
redhatcve
redhatcve
CVE-2018-16644
2018-09-07 17:49:27
cve
cve
CVE-2018-16644
2018-09-06 22:29:01
cvelist
cvelist
CVE-2018-16644
2018-09-06 22:00:00
debiancve
debiancve
CVE-2018-16644
2018-09-06 22:29:01
nessus
nessus
openSUSE Security Update : GraphicsMagick (openSUSE-2019-688)
2019-03-27 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-2018-1312)
2018-10-29 00:00:00
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:3465-1)
2018-10-26 00:00:00
suse
suse
Security update for ImageMagick (moderate)
2018-10-27 00:27:39
Security update for GraphicsMagick (low)
2018-09-17 15:08:02
Security update for GraphicsMagick (low)
2018-09-22 09:27:03
openvas
openvas
openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2018:2742-1)
2018-09-18 00:00:00
openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2018:3524-1)
2018-10-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3465-1)
2021-04-19 00:00:00
debian
debian
[SECURITY] [DSA 4316-1] imagemagick security update
2018-10-12 20:55:21
[SECURITY] [DLA 1530-1] imagemagick security update
2018-10-03 18:05:30
cloudfoundry
cloudfoundry
USN-3785-1: ImageMagick vulnerabilities | Cloud Foundry
2018-10-09 00:00:00
USN-4034-1: ImageMagick vulnerabilities | Cloud Foundry
2019-07-10 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2018-10-04 00:00:00
ImageMagick vulnerabilities
2019-06-25 00:00:00
mageia
mageia
Updated graphicsmagick packages fix security vulnerabilities & bugs
2019-01-01 01:42:09
redhat
redhat
(RHSA-2020:1180) Moderate: ImageMagick security, bug fix, and enhancement update
2020-03-31 09:28:57
centos
centos
ImageMagick, autotrace, emacs, inkscape security update
2020-04-08 17:42:49

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON
Related for NVD:CVE-2018-16644
osv3alpinelinux1prion1ubuntucve1veracode1redhatcve1cve1cvelist1debiancve1nessus22suse6openvas16debian2cloudfoundry2ubuntu2mageia1redhat1centos1