CVE-2018-7470
Description
ImageMagick 7.0.7-22 Q16 has a segmentation violation in IsWEBPImageLossless when processing a crafted WebP file, leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A segmentation violation vulnerability exists in ImageMagick 7.0.7-22 Q16 in the IsWEBPImageLossless function within coders/webp.c. The issue occurs when a crafted WebP file is processed, causing a NULL or invalid pointer to be dereferenced in the ReadWebPLSBWord function (line 157 calls ReadWebPLSBWord at line 196). This is triggered during the identify command or any operation that reads a WebP image, as shown by the ASAN trace in the issue report [1].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted WebP file to an application using the vulnerable ImageMagick version (7.0.7-22). No special privileges are required; the attacker only needs to convince a user or automated process to process the malicious file (e.g., via `identify -verbose ./poc`). The crash occurs during image parsing, before any sanitization checks, leading to a segmentation violation [1].
Impact
Successful exploitation results in a denial of service (DoS) due to a segmentation violation, causing the application to crash. The crash is immediate and can be triggered repeatedly with the same crafted file. No remote code execution or data corruption is reported, but the crash can disrupt service availability [1].
Mitigation
As of the publication date (2018-02-25), ImageMagick released version 7.0.7-23 which contains a fix for this issue. Users should upgrade to ImageMagick 7.0.7-23 or later. There is no known workaround; however, limiting file uploads or disabling WebP support via policy configuration (e.g., ``) may prevent exploitation until patching is possible [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =7.0.7-22
- osv-coords (11 versions, no CPE), each with range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The IsWEBPImageLossless function in coders/webp.c improperly handles WEBP image data, leading to a segmentation violation."
Attack vector
An attacker can trigger a denial of service by providing a crafted WEBP file to an application that uses ImageMagick for image processing. The vulnerability is triggered when the `IsWEBPImageLossless` function attempts to process this malformed input, resulting in a segmentation fault [1].
Affected code
The vulnerability resides in the `IsWEBPImageLossless` function within the `coders/webp.c` file. Specifically, the issue stems from incorrect pointer operations within the `ReadWebPLSBWord` function, which is called by `IsWEBPImageLossless` [1].
What the fix does
The patch addresses the vulnerability by correcting the pointer access within the `ReadWebPLSBWord` function in `coders/webp.c`. This change ensures that the function handles the WEBP image data correctly, preventing the out-of-bounds read that led to the segmentation violation [1].
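The patch itself is not reproduced on this page. As an added illustration (not ImageMagick's code and not the actual fix), the sketch below shows the general defensive pattern for this kind of header inspection: every little-endian word read and every chunk skip is checked against the buffer length before a pointer is dereferenced. The names `read_le32` and `webp_is_lossless` are hypothetical; the chunk layout follows the WebP RIFF container format, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a little-endian 32-bit word at off; fail instead of reading past len. */
static int read_le32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (buf == NULL || off > len || len - off < 4)
        return 0;
    *out = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
           ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
    return 1;
}

/* Hypothetical helper: 1 = lossless (VP8L), 0 = lossy (VP8 ), -1 = malformed. */
int webp_is_lossless(const uint8_t *buf, size_t len)
{
    size_t off = 12;                 /* first chunk follows "RIFF"+size+"WEBP" */
    uint32_t size;
    if (buf == NULL || len < 12 || memcmp(buf, "RIFF", 4) != 0 ||
        memcmp(buf + 8, "WEBP", 4) != 0)
        return -1;
    while (len - off >= 8) {         /* a full 8-byte chunk header is present */
        if (memcmp(buf + off, "VP8L", 4) == 0) return 1;
        if (memcmp(buf + off, "VP8 ", 4) == 0) return 0;
        if (!read_le32(buf, len, off + 4, &size)) return -1;
        /* Skip header + payload + pad byte; 64-bit math avoids wraparound. */
        uint64_t skip = 8 + (uint64_t)size + (size & 1u);
        if (skip > (uint64_t)(len - off)) return -1;  /* chunk overruns buffer */
        off += (size_t)skip;
    }
    return -1;                       /* data ended before an image chunk */
}

/* Constructed samples: a VP8X container holding VP8L, and one whose VP8X
   chunk declares a size far larger than the buffer. */
static const uint8_t sample_ok[] =
    "RIFF\x1e\0\0\0WEBPVP8X\x0a\0\0\0" "\0\0\0\0\0\0\0\0\0\0" "VP8L\0\0\0\0";
static const uint8_t sample_bad[] =
    "RIFF\x18\0\0\0WEBPVP8X\xff\xff\xff\xff" "\0\0\0\0" "VP8L\0\0\0\0";

int main(void)
{
    printf("ok=%d bad=%d truncated=%d\n",
           webp_is_lossless(sample_ok, sizeof sample_ok - 1),
           webp_is_lossless(sample_bad, sizeof sample_bad - 1),
           webp_is_lossless(sample_ok, 14));
    return 0;
}
```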
Preconditions
- input: A crafted WEBP file.
Reproduction
The provided reference includes a Proof of Concept (POC) file named 'poc.zip' and an ASAN output indicating a segmentation fault when processing this file with `identify -verbose ./poc` [1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- [1] github.com/ImageMagick/ImageMagick/issues/998 (mitre, x_refsource_CONFIRM)