ImageMagick is prone to multiple heap-based buffer-overflow vulnerabilities.
Successfully exploiting these issues allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.
Information
CVE-2018-16412
Exploit
The researcher who discovered these issues has created a proof-of-concept. Please see the references for more information.
References:
- heap-buffer-overflow bug in MagickCore/quantum-private.h (ImageMagick)
- heap-buffer-overflow bug in ParseImageResourceBlocks coders/psd.c (ImageMagick)
- heap-buffer-overflow bug in PushShortPixel MagickCore/quantum-private.h (ImageMagick)
- ImageMagick Homepage (ImageMagick)