CVE-2018-20189
Description
GraphicsMagick 1.3.31's ReadDIBImage function crashes on crafted DIB files with direct pixel values and colormapping due to uninitialized indexes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GraphicsMagick 1.3.31's ReadDIBImage function crashes on crafted DIB files with direct pixel values and colormapping due to uninitialized indexes.
Vulnerability
In GraphicsMagick 1.3.31, the ReadDIBImage function in coders/dib.c contains a vulnerability where a crafted DIB file that appears to have direct pixel values but also specifies colormapping (which is not available beyond 8 bits per sample) causes the function to lack initialization of indexes. This leads to a crash and denial of service. The affected version is 1.3.31. [1]
Exploitation
An attacker can exploit this by providing a specially crafted DIB file to GraphicsMagick. No authentication or special privileges are required; the attacker only needs to convince a user or process to open the malicious file. The file triggers the code path where indexes are not initialized, leading to an assertion failure or crash.
Impact
Successful exploitation results in a denial of service via crash of the GraphicsMagick process. No code execution or information disclosure is indicated in the available references.
Mitigation
The issue is fixed in a later version of GraphicsMagick. According to the bug report [1], the status is closed-fixed. Users should upgrade to a version beyond 1.3.31. No workaround is mentioned.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: =1.3.31
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The ReadDIBImage function in coders/dib.c does not properly initialize indexes when a DIB file is crafted to appear with direct pixel values and colormapping."
Attack vector
An attacker can trigger a crash and denial of service by providing a specially crafted DIB file to the GraphicsMagick `convert` utility. The crafted file must be designed to present both direct pixel values and colormapping, which is not supported beyond 8-bits/sample for DIB files. This specific condition leads to uninitialized indexes, causing an assertion failure during image processing.
Affected code
The vulnerability resides in the `ReadDIBImage` function within the `coders/dib.c` file. This function is responsible for processing Device Independent Bitmap (DIB) image files. The issue arises from how it handles the initialization of indexes when a DIB file presents a combination of direct pixel values and colormapping, leading to an assertion failure.
What the fix does
The advisory indicates that the issue is closed-fixed, but does not provide details on the specific code changes made. The fix likely involves ensuring proper initialization of indexes in the ReadDIBImage function when handling DIB files with conflicting color depth and colormapping information. This prevents the assertion failure that leads to the denial of service.
Preconditions
- inputThe attacker must provide a crafted DIB file that attempts to use both direct pixel values and colormapping.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- usn.ubuntu.com/4207-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4640mitrevendor-advisoryx_refsource_DEBIAN
- hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589mitrex_refsource_MISC
- www.securityfocus.com/bid/106227mitrevdb-entryx_refsource_BID
- lists.debian.org/debian-lts-announce/2018/12/msg00018.htmlmitremailing-listx_refsource_MLIST
- sourceforge.net/p/graphicsmagick/bugs/585/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.