CVE-2018-16323
PUBLISHED
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
EPSS 87.53% · 99.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | imagemagick | 8:6.8.9.9-7ubuntu5.9, *, 8:6.8.9.9-7ubuntu5.7 |
| Ubuntu:14.04:LTS | imagemagick | *, 0, 8:6.7.7.10-5ubuntu4 |
| Ubuntu:18.04:LTS | imagemagick | 8:6.9.7.4+dfsg-16ubuntu2, *, 0 |
Timeline
- Sep 1, 2018 CVE Published
- Nov 20, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 17, 2023 EPSS Score
- May 8, 2023 EPSS Score
- Jul 8, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
- Sep 13, 2023 EPSS Score
- Oct 19, 2023 EPSS Score
- Dec 11, 2023 EPSS Score
- Feb 13, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-16323 third-party-advisory
- https://ubuntu.com/security/notices/USN-3785-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4034-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-16323 third-party-advisory