Fluid Attacks Database

Description

In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	graphicsmagick	>=0 <1.4~hg15880-1	1.4~hg15880-1
debian 11	graphicsmagick	>=0 <1.4~hg15880-1	1.4~hg15880-1
debian 13	graphicsmagick	>=0 <1.4~hg15880-1	1.4~hg15880-1
debian 14	graphicsmagick	>=0 <1.4~hg15880-1	1.4~hg15880-1

Aliases

1. CVE-2018-201852. NVD-2018-201853. OSV-DEBIAN-2018-201854. OSV-2018-201855. SECURITY-TRACKER-CVE-2018-20185

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.