CVE-2018-7443

MEDIUM

ImageMagick 7.0.7-23 Q16 - Denial of Service via TIFF Image Data Validation

Title source: llm

Description

The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).

References (4)

Core 4

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/02/msg00028.html

Exploit, Issue Tracking, Third Party Advisory x_refsource_misc

https://github.com/ImageMagick/ImageMagick/issues/999

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3681-1/

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html

Scores

CVSS v3 6.5

EPSS 0.0037

EPSS Percentile 59.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-770

Status published

Products (6)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

debian/debian_linux 7.0

imagemagick/imagemagick 7.0.7-23 q16

Published Feb 23, 2018

Tracked Since Feb 18, 2026