CVE-2018-20189

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
17/12/2018
Last modified:
03/12/2019

Description

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.31:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*