CVE-2018-16328: Null Pointer Dereference
A flaw was found in ImageMagick before 7.0.8-8: a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
References: https://github.com/ImageMagick/ImageMagick/issues/1224
Other sources
ImageMagick is vulnerable to a denial of service, caused by a NULL pointer dereference in the CheckEventLogging function in MagickCore/log.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
— IBM
Frequently Asked Questions
What is the severity of CVE-2018-16328?
CVE-2018-16328 has a medium severity rating due to its potential to cause denial of service.
How do I fix CVE-2018-16328?
To fix CVE-2018-16328, update ImageMagick to a version later than 7.0.8-8.
What impact does CVE-2018-16328 have on affected systems?
CVE-2018-16328 can cause affected systems running ImageMagick to crash when processing a specially-crafted file.
Which versions of ImageMagick are affected by CVE-2018-16328?
CVE-2018-16328 affects ImageMagick versions up to and including 7.0.8-8.
Can CVE-2018-16328 be exploited remotely?
Yes, CVE-2018-16328 can be exploited remotely if a victim is persuaded to open a malicious file in ImageMagick.