CVE-2018-16750
ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c
Severity Score
Exploit Likelihood
Affected Versions
5Public Exploits
1Exploited in Wild
-Decision
Descriptions
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
En ImageMagick 7.0.7-29 y anteriores, se ha encontrado una fuga de memoria en la funciĆ³n formatIPTCfromBuffer en coders/meta.c.
Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-09 CVE Reserved
- 2018-09-09 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (5)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/3785-1 | 2021-04-28 | |
| https://access.redhat.com/security/cve/CVE-2018-16750 | 2020-03-31 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1627917 | 2020-03-31 |