CVE-2018-6405

MEDIUM

Imagemagick < 6.9.9-35 - Resource Leak

Title source: rule

Description

In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.

References (2)

[Third Party Advisory] https://usn.ubuntu.com/3681-1/

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/ImageMagick/ImageMagick/issues/964

Scores

CVSS v3 6.5

EPSS 0.0084

EPSS Percentile 74.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-772

Status published

Products (5)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

imagemagick/imagemagick < 6.9.9-35

Published Jan 30, 2018

Tracked Since Feb 18, 2026