Bug 1106857 - (CVE-2018-16328) VUL-1: CVE-2018-16328: ImageMagick: NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c
(CVE-2018-16328)
VUL-1: CVE-2018-16328: ImageMagick: NULL pointer dereference exists in the Ch...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/213618/
CVSSv3:SUSE:CVE-2018-16328:4.0:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-09-03 06:05 UTC by Alexander Bergmann
Modified: 2021-10-05 10:41 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-09-03 06:05:29 UTC
CVE-2018-16328

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the
CheckEventLogging function in MagickCore/log.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16328
http://www.cvedetails.com/cve/CVE-2018-16328/
https://github.com/ImageMagick/ImageMagick/issues/1224
Comment 1 Petr Gajdos 2018-09-03 08:34:37 UTC
TW: already fixed by version update
Comment 2 Petr Gajdos 2018-09-03 10:38:17 UTC
No test case found.
Comment 3 Petr Gajdos 2018-09-03 11:06:56 UTC
15/ImageMagick: affected
11,12/ImageMagick: not affected (no such code found)
*/GraphicsMagick: not affected (no such code found)
Comment 4 Petr Gajdos 2018-09-03 14:30:19 UTC
Will submit for 15/ImageMagick.
Comment 5 Petr Gajdos 2018-09-03 14:37:34 UTC
I believe all fixed.
Comment 9 Swamp Workflow Management 2018-10-02 19:14:15 UTC
SUSE-SU-2018:2977-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.24.1
Comment 10 Marcus Meissner 2018-10-05 07:05:31 UTC
released
Comment 11 Swamp Workflow Management 2018-10-05 10:09:45 UTC
openSUSE-SU-2018:3014-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.15.1
Comment 12 OBSbugzilla Bot 2021-10-04 16:41:10 UTC
This is an autogenerated message for OBS integration:
This bug (1106857) was mentioned in
https://build.opensuse.org/request/show/923064 Factory / ImageMagick
Comment 13 OBSbugzilla Bot 2021-10-05 10:41:07 UTC
This is an autogenerated message for OBS integration:
This bug (1106857) was mentioned in
https://build.opensuse.org/request/show/923178 Factory / ImageMagick