Candidate: CVE-2018-16329
PublicDate: 2018-09-01 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16329
Description:
 In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the
 GetMagickProperty function in MagickCore/property.c.
Ubuntu-Description:
Notes:
 sbeattie> looks like image_info NULL checks are missing from
   GetMagickPropertyLetter() function. See also
   https://github.com/ImageMagick/ImageMagick/commit/db2a1d6aaff3a83a74b37731405424c95f0c873a
 sbeattie> unfixed in imagemagick6 as of 2018-10-02
 mdeslaur> upstream states that this issue does not affect IM6
Bugs:
 https://github.com/ImageMagick/ImageMagick/issues/1225
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_imagemagick:
 other: https://github.com/ImageMagick/ImageMagick/commit/db2a1d6aaff3a83a74b37731405424c95f0c873a
upstream_imagemagick: needs-triage
precise/esm_imagemagick: DNE
trusty_imagemagick: not-affected (code not present)
trusty/esm_imagemagick: DNE (trusty was not-affected [code not present])
xenial_imagemagick: not-affected (code not present)
esm-infra/xenial_imagemagick: not-affected (code not present)
bionic_imagemagick: not-affected (code not present)
cosmic_imagemagick: not-affected (code not present)
devel_imagemagick: not-affected (code not present)