CVE-2018-9018

MEDIUM

Graphicsmagick - Divide By Zero

Title source: rule

Description

In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.

References (7)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103526

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html

[Exploit, Issue Tracking, Third Party Advisory] https://sourceforge.net/p/graphicsmagick/bugs/554/

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4321

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/

Scores

CVSS v3 6.5

EPSS 0.0054

EPSS Percentile 67.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-369

Status published

Affected Products (4)

graphicsmagick/graphicsmagick

debian/debian_linux

Timeline

Published Mar 25, 2018

Tracked Since Feb 18, 2026