Vulnerability Details CVE-2018-11251
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
Products affected by CVE-2018-11251
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-16
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-17
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-18
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-19
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-20
-
cpe:2.3:a:imagemagick:imagemagick:7.0.7-23