Lucene search

[email protected]CVE-2018-9018

HistoryMar 25, 2018 - 9:29 p.m.

CVE-2018-9018

2018-03-2521:29:00

CWE-369

[email protected]

web.nvd.nist.gov

graphicsmagick

cve-2018-9018

readmngimage

png.c

vulnerability

remote attack

denial of service

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.3%

JSON

In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.

Affected configurations

NVD

Node

graphicsmagickgraphicsmagickMatch1.3.28

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

CPENameOperatorVersion
graphicsmagick:graphicsmagickgraphicsmagickeq1.3.28

CPE	Name	Operator	Version
graphicsmagick:graphicsmagick	graphicsmagick	eq	1.3.28

References

www.securityfocus.com/bid/103526

lists.debian.org/debian-lts-announce/2018/03/msg00025.html

lists.debian.org/debian-lts-announce/2018/08/msg00002.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/

sourceforge.net/p/graphicsmagick/bugs/554/

www.debian.org/security/2018/dsa-4321

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for CVE-2018-9018

prion1 mageia1 debiancve1 ubuntucve1 cvelist1 veracode1 redhatcve1 nvd1 alpinelinux1 openvas9 nessus12 fedora2 osv4 ubuntu1 debian3