CVE-2018-15607

Public on 2018-08-21
Modified on 2020-10-22
Description

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Severity
Low
CVSS v3 Base Score
5.3

Affected Packages

| Platform | Package | Release Date | Advisory |
| --- | --- | --- | --- |
| Amazon Linux 1 | ImageMagick | 2024-03-13 19:46 | ALAS-2024-1926 |
| Amazon Linux 2 - Core | ImageMagick | 2020-10-22 17:05 | ALAS2-2020-1497 |
| Amazon Linux 2 - Core | ImageMagick | 2024-01-19 01:51 | ALAS2-2024-2432 |
| Amazon Linux 1 | php-pecl-imagick | 2020-06-23 07:03 | ALAS-2020-1391 |
| Amazon Linux 1 | php54-pecl-imagick | 2023-08-21 12:14 | ALAS-2023-1810 |
| Amazon Linux 1 | php55-pecl-imagick | 2023-08-21 12:14 | ALAS-2023-1812 |
| Amazon Linux 1 | php56-pecl-imagick | 2023-08-21 12:14 | ALAS-2023-1811 |
| Amazon Linux 1 | php70-pecl-imagick | 2023-08-21 12:14 | ALAS-2023-1813 |
| Amazon Linux 1 | php71-pecl-imagick | 2023-08-21 12:14 | ALAS-2023-1814 |
| Amazon Linux 1 | php72-pecl-imagick | 2023-08-21 12:14 | ALAS-2023-1815 |

CVSS Scores

| Score Type | Score | Vector |
| --- | --- | --- |
| Amazon Linux CVSSv3 | 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| NVD CVSSv2 | 7.1 | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| NVD CVSSv3 | 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |