6.5

CVE-2018-20467

Exploit
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImagemagickImagemagick Version < 6.9.10-16
ImagemagickImagemagick Version >= 7.0.0-0 < 7.0.8-16
OpensuseLeap Version15.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.1% 0.861
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4034-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html
Third Party Advisory
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html
Broken Link
http://www.securityfocus.com/bid/106315
Third Party Advisory
VDB Entry
https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb
Patch
Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/1408
Patch
Third Party Advisory
Exploit