CVE-2018-9133

MEDIUM

Imagemagick - Denial of Service

Title source: rule

Description

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.

References (3)

[Third Party Advisory] https://usn.ubuntu.com/3681-1/

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/ImageMagick/ImageMagick/issues/1072

[Mailing List] https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html

Scores

CVSS v3 6.5

EPSS 0.0027

EPSS Percentile 49.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-834

Status published

Products (5)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

imagemagick/imagemagick 7.0.7-26 q16

Published Mar 30, 2018

Tracked Since Feb 18, 2026