Bug 1625430 (CVE-2018-16413) - CVE-2018-16413 ImageMagick: heap-based buffer over-read in the PushShortPixel function in MagickCore/quantum-private.h
Summary: CVE-2018-16413 ImageMagick: heap-based buffer over-read in the PushShortPixel...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-16413
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1625431
Blocks: 1625433
TreeView+ depends on / blocked
 
Reported: 2018-09-04 22:15 UTC by Laura Pardo
Modified: 2019-09-29 14:57 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-05 14:19:56 UTC


Attachments (Terms of Use)

Description Laura Pardo 2018-09-04 22:15:49 UTC
A flaw was found in ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.


References:
https://github.com/ImageMagick/ImageMagick/issues/1249
https://github.com/ImageMagick/ImageMagick/issues/1251

Comment 1 Laura Pardo 2018-09-04 22:16:24 UTC
Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1625431]

Comment 3 Riccardo Schirone 2018-09-18 12:50:34 UTC
This seems a duplicate of CVE-2018-16412, because they have the same patch and they are caused by the same issue.


Note You need to log in before you can comment on or make changes to this bug.