CVE-2018-9018
Description
GraphicsMagick 1.3.28 contains a divide-by-zero in ReadMNGImage (coders/png.c) that can be triggered by a crafted MNG file, causing a crash and denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In GraphicsMagick 1.3.28, the `ReadMNGImage` function in `coders/png.c` contains a divide-by-zero error at line 4638. This occurs when processing a specially crafted MNG file, leading to a floating-point exception (FPE) and program crash. The vulnerability is reachable through any operation that triggers MNG decoding, such as `gm identify` or `gm convert`.
Exploitation
An attacker can exploit this vulnerability by providing a malicious MNG file to a target using GraphicsMagick 1.3.28. No authentication or special privileges are required; the attacker only needs to convince the victim (or an automated service) to process the file using GraphicsMagick. The crash is triggered immediately upon parsing the malformed MNG data, as demonstrated by the AddressSanitizer stack trace in the bug report [1].
Impact
Successful exploitation results in a denial of service (DoS) due to the program aborting with a floating-point exception. The crash terminates the GraphicsMagick process, potentially disrupting image processing workflows. No code execution or data disclosure has been reported for this vulnerability.
Mitigation
The available references do not explicitly announce an official patch. Users are advised to upgrade to a version of GraphicsMagick later than 1.3.28, as the issue was likely fixed in subsequent releases. Until an update is applied, avoid processing untrusted MNG files with GraphicsMagick.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =1.3.28
- osv-coords (10 versions):
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
- (no CPE) range: < 1.2.5-78.47.1
- (no CPE) range: < 1.2.5-78.47.1
- (no CPE) range: < 6.8.8.1-71.54.5
- (no CPE) range: < 6.4.3.6-78.45.1
- (no CPE) range: < 6.8.8.1-71.54.5
- (no CPE) range: < 6.4.3.6-78.45.1
- (no CPE) range: < 6.8.8.1-71.54.5
- (no CPE) range: < 6.4.3.6-78.45.1
- (no CPE) range: < 6.8.8.1-71.54.5
- (no CPE) range: < 6.8.8.1-71.54.5
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"A divide-by-zero error occurs in the ReadMNGImage function when processing a crafted MNG file."
Attack vector
Remote attackers can trigger this vulnerability by providing a specially crafted MNG file to the GraphicsMagick software. The vulnerability lies within the `ReadMNGImage` function in `coders/png.c`. When this function attempts to process the malicious file, it results in a division by zero error, leading to a program crash and denial of service [ref_id=1].
Affected code
The vulnerability exists in the `ReadMNGImage` function located in the file `coders/png.c` [ref_id=1]. The stack trace points to line 4638:61 within this function as the location of the divide-by-zero error [ref_id=1].
What the fix does
The advisory indicates a divide-by-zero error in the `ReadMNGImage` function of `coders/png.c` [ref_id=1]. While a specific patch is not provided in the bundle, the vulnerability is described as being fixed in later versions. The fix likely involves adding checks to prevent division by zero when processing MNG image data.
Preconditions
- input: A crafted MNG file.
Reproduction
To reproduce the issue, build GraphicsMagick with ASAN and run `./gm identify $POC` [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/ (mitre, vendor-advisory, x_refsource_FEDORA)
- www.debian.org/security/2018/dsa-4321 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.securityfocus.com/bid/103526 (mitre, vdb-entry, x_refsource_BID)
- lists.debian.org/debian-lts-announce/2018/03/msg00025.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2018/08/msg00002.html (mitre, mailing-list, x_refsource_MLIST)
- sourceforge.net/p/graphicsmagick/bugs/554/ (mitre, x_refsource_MISC)