CVE-2018-8960
Description
In ImageMagick 7.0.7-26 Q16, a malformed TIFF image triggers a heap-buffer-over-read in ReadTIFFImage, leading to denial of service or possible code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The ReadTIFFImage function in coders/tiff.c of ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation when processing specially crafted TIFF files. This leads to a heap-based buffer over-read. The issue affects version 7.0.7-26, as reported [1][2].
Exploitation
An attacker must craft a malicious TIFF image that, when processed by ImageMagick (e.g., using the convert command), triggers the heap-buffer-overflow. No special authentication or network access is required if the victim opens the file with ImageMagick. The referenced exploit shows that conversion of a tif_heap-buffer-overflow file causes an AddressSanitizer error indicating a heap-buffer-overflow read of 4 bytes at a controlled location [2].
Impact
Successful exploitation could cause a denial of service (crash) or potentially allow arbitrary code execution with the privileges of the user running ImageMagick. The Ubuntu security notice lists this as a denial of service or possible code execution [1].
Mitigation
Ubuntu has released fixed versions in USN-3681-1, updating imagemagick packages for Ubuntu 18.04 LTS (bionic) and other releases [1]. Users should update to the patched package versions. The ImageMagick project likely addressed this in later releases; upgrading to a version beyond 7.0.7-26 is recommended [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 7.0.7-26 Q16
- osv-coords (8 versions):
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (no CPE), range: < 6.8.8.1-71.54.5
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 6.4.3.6-78.45.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE), range: < 6.8.8.1-71.54.5
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 6.4.3.6-78.45.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 6.8.8.1-71.54.5
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 6.4.3.6-78.45.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE), range: < 6.8.8.1-71.54.5
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 (no CPE), range: < 6.8.8.1-71.54.5
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The ReadTIFFImage function in ImageMagick does not properly restrict memory allocation, leading to a heap-based buffer over-read."
Attack vector
An attacker can trigger this vulnerability by providing a specially crafted TIFF image file to the ImageMagick `convert` utility. When the `ReadTIFFImage` function processes this malicious file, it fails to correctly manage memory allocations. This leads to an out-of-bounds read operation on the heap, potentially causing a crash or other unintended behavior [ref_id=1].
Affected code
The vulnerability resides in the `ReadTIFFImage` function, located in the `coders/tiff.c` file. The issue arises from improper memory allocation handling within this function, which is called during the image reading process [ref_id=1].
What the fix does
The patch addresses the heap-based buffer over-read by ensuring proper validation of memory allocation sizes within the `ReadTIFFImage` function. By correctly checking and limiting the amount of memory allocated, the vulnerability is mitigated, preventing out-of-bounds reads and subsequent crashes [ref_id=1].
Preconditions
- input: A specially crafted TIFF image file.
Reproduction
```
root@vultr:/opt/poc# convert tif_heap-buffer-overflow dev/null
=================================================================
==13394==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c00000c97c at pc 0x7f856a3bc674 bp 0x7ffc3e5db890 sp 0x7ffc3e5db880
READ of size 4 at 0x60c00000c97c thread T0
    #0 0x7f856a3bc673 in ReadTIFFImage coders/tiff.c:2018
```
[ref_id=1]
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- usn.ubuntu.com/3681-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.securityfocus.com/bid/103523 (mitre, vdb-entry, x_refsource_BID)
- github.com/ImageMagick/ImageMagick/issues/1020 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2020/08/msg00030.html (mitre, mailing-list, x_refsource_MLIST)