CVE-2018-16329
Description
NULL pointer dereference in ImageMagick's GetMagickProperty function before 7.0.8-8, leading to potential denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NULL pointer dereference in ImageMagick's GetMagickProperty function before 7.0.8-8, leading to potential denial of service.
Vulnerability
In ImageMagick before version 7.0.8-8, the GetMagickProperty function in MagickCore/property.c contains a NULL pointer dereference vulnerability. The assertion at line 2825 checks image != (Image *) NULL || image_info != (ImageInfo *) NULL, which passes if image_info is non-null even when image is null. Subsequently, the code dereferences image (e.g., accessing image->interlace), causing a crash [1].
Exploitation
An attacker can trigger this vulnerability by providing a specially crafted image that reaches the vulnerable code path. No authentication or user interaction is required beyond supplying the image to an application using ImageMagick. The attack results in a denial of service due to a segmentation fault.
Impact
Successful exploitation leads to a denial of service (application crash). There is no evidence of information disclosure or remote code execution from this bug. The impact is limited to availability.
Mitigation
Update to ImageMagick version 7.0.8-8 or later, which contains the fix. No workaround is available for unpatched versions.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
12- Range: <7.0.8-8
- osv-coords11 versionspkg:apk/chainguard/imagemagick-6pkg:apk/chainguard/imagemagick-6-devpkg:apk/chainguard/imagemagick-6-docpkg:apk/chainguard/imagemagick-6-staticpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
< 0+ 10 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 6.8.8.1-71.74.1
- (no CPE)range: < 7.0.7.34-3.24.1
- (no CPE)range: < 7.0.7.34-3.24.1
- (no CPE)range: < 6.8.8.1-71.74.1
- (no CPE)range: < 6.8.8.1-71.74.1
- (no CPE)range: < 6.8.8.1-71.74.1
- (no CPE)range: < 6.8.8.1-71.74.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/ImageMagick/ImageMagick/issues/1225mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.