CVE-2018-5685

Name
CVE-2018-5685
Description
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://sourceforge.net/p/graphicsmagick/bugs/541/
Patch http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6
Mailing List https://lists.debian.org/debian-lts-announce/2018/01/msg00018.html
Mailing List https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
Third Party Advisory https://www.debian.org/security/2018/dsa-4321

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.27:*:*:*:*:*:*:* graphicsmagick == None == 1.3.27

Vulnerable and fixed packages

Source package Branch Version Maintainer Status