CVE-2018-20467
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
| Software | From | Fixed in |
|---|---|---|
| imagemagick / imagemagick | - | 6.9.10-16 |
| imagemagick / imagemagick | 7.0.0-0 | 7.0.8-16 |
| opensuse / leap | 15.0 | 15.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 18.10 | 18.10.x |
| canonical / ubuntu_linux | 19.04 | 19.04.x |
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html
- http://www.securityfocus.com/bid/106315
- https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb
- https://github.com/ImageMagick/ImageMagick/issues/1408
- https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
- https://usn.ubuntu.com/4034-1/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime