CVE-2018-16328
Description
ImageMagick 7.0.8-8 and earlier crash via null pointer dereference in CheckEventLogging when log cache is exhausted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In ImageMagick versions before 7.0.8-8, the CheckEventLogging function in MagickCore/log.c contains a NULL pointer dereference. The function calls GetNextValueInLinkedList(log_cache) without validating the return value. When the linked list is exhausted (i.e., list_info->next == (ElementInfo *) NULL), the function returns NULL, and the subsequent dereference of p->event_mask at line 676 causes a crash [1].
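The unchecked-return pattern described above, modelled in self-contained C next to a checked variant. This is an added example, not ImageMagick's source: the types, the function names and the choice to treat an exhausted cache as "logging off" are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified stand-ins (assumptions), not ImageMagick's real types. */
typedef struct Element { void *value; struct Element *next; } Element;
typedef struct { Element *head, *next; } List;   /* next = iteration cursor */
typedef struct { unsigned event_mask; } LogInfo;

/* Returns the value at the cursor and advances it; NULL once exhausted. */
static void *next_value(List *list)
{
    if (list == NULL || list->next == NULL)
        return NULL;
    void *value = list->next->value;
    list->next = list->next->next;
    return value;
}

/* Pattern described above: the result is dereferenced without a check,
   so an exhausted cursor leads to a NULL pointer dereference. */
int event_logging_unchecked(List *log_cache)
{
    LogInfo *p = (LogInfo *) next_value(log_cache);
    return p->event_mask != 0;
}

/* Checked form: an empty or exhausted cache is treated as "logging off". */
int event_logging_checked(List *log_cache)
{
    LogInfo *p = (LogInfo *) next_value(log_cache);
    if (p == NULL) return 0;
    return p->event_mask != 0;
}

/* Constructed scenario: one cached entry, queried twice. */
int demo_exhausted_cache(void)
{
    LogInfo info = { 0x1u };
    Element e = { &info, NULL };
    List cache = { &e, &e };
    int first = event_logging_checked(&cache);   /* entry present */
    int second = event_logging_checked(&cache);  /* cursor exhausted */
    return first == 1 && second == 0;
}

int main(void)
{
    printf("checked caller survives exhaustion: %d\n", demo_exhausted_cache());
    return 0;
}
```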
Exploitation
An attacker can trigger this vulnerability by providing a crafted image file that causes ImageMagick to process logging events until the log cache linked list is fully traversed. No authentication or special privileges are required; the attacker only needs to submit a malicious file to an application using ImageMagick's conversion or processing capabilities [1].
Impact
Successful exploitation results in a denial-of-service (DoS) condition via a NULL pointer dereference, causing ImageMagick to crash. This can disrupt services that rely on ImageMagick for image processing. There is no evidence of code execution or information disclosure [1].
Mitigation
The vulnerability is fixed in ImageMagick version 7.0.8-8 [1]. Users should upgrade to this version or later. No workarounds are available for earlier versions.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <7.0.8-8
- osv-coords, 7 versions:
  - pkg:apk/chainguard/imagemagick-6 (no CPE), range: < 0
  - pkg:apk/chainguard/imagemagick-6-dev (no CPE), range: < 0
  - pkg:apk/chainguard/imagemagick-6-doc (no CPE), range: < 0
  - pkg:apk/chainguard/imagemagick-6-static (no CPE), range: < 0
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweed (no CPE), range: < 7.1.0.9-1.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 (no CPE), range: < 7.0.7.34-3.24.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 (no CPE), range: < 7.0.7.34-3.24.1
Patches
No patches discovered yet.
References
- [1] github.com/ImageMagick/ImageMagick/issues/1224 (mitre, x_refsource_MISC)