ImageMagick Multiple Heap Buffer Overflow Vulnerabilities

ImageMagick is prone to multiple heap-based buffer-overflow vulnerabilities.

Successfully exploiting these issues allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.

Information

Bugtraq ID: 105241
Class: Input Validation Error
CVE: CVE-2018-16413
CVE-2018-16412

Remote: Yes
Local: No
Published: Sep 03 2018 12:00AM
Updated: Sep 03 2018 12:00AM
Credit: yan_1_20
Vulnerable: ImageMagick ImageMagick 7.0.8-11 Q16

Not Vulnerable:

Exploit

The researcher who discovered these issues has created a proof-of-concept. Please see the references for more information.

References:

heap-buffer-overflow bug in MagickCore/quantum-private.h (ImageMagick)
heap-buffer-overflow bug in ParseImageResourceBlocks coders/psd.c (ImageMagick)
heap-buffer-overflow bug in PushShortPixel MagickCore/quantum-private.h (ImageMagick)
ImageMagick Homepage (Image Magick)

Source: www.securityfocus.com

Exploit Collector

Search Exploit