VYPR
Unrated severity · NVD Advisory · Published Mar 30, 2018 · Updated Aug 5, 2024

CVE-2018-9135

Description

A heap-based buffer over-read in ImageMagick's IsWEBPImageLossless function allows denial of service via crafted WebP images.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap-based buffer over-read vulnerability exists in the IsWEBPImageLossless function in coders/webp.c of ImageMagick 7.0.7-24 Q16 (and possibly earlier versions). The flaw occurs when processing a specially crafted WebP image, leading to an out-of-bounds read of 1 byte beyond an allocated heap buffer [1].

Exploitation

An attacker can exploit this vulnerability by providing a malicious WebP image to an application using ImageMagick (e.g., the identify command). No authentication or special privileges are required; the victim only needs to process the image. The over-read is triggered during the parsing of the WebP image header in IsWEBPImageLossless [1].

Impact

Successful exploitation results in a heap-buffer-over-read, which can cause a denial of service via application crash, as demonstrated by AddressSanitizer output. Additionally, the over-read may lead to the disclosure of sensitive heap memory contents, though the primary impact is a crash [1].

Mitigation

The issue was reported and fixed in a subsequent release of ImageMagick. Users should upgrade to ImageMagick version 7.0.7-25 or later. If upgrading is not immediately possible, avoid processing untrusted WebP images with ImageMagick [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"A heap-based buffer over-read occurs in the IsWEBPImageLossless function when processing WebP images."

Attack vector

An attacker can trigger this vulnerability by providing a specially crafted WebP image to the ImageMagick software. The software then attempts to process this image, leading to the buffer over-read. The ASan output indicates that the vulnerability is triggered during the `IdentifyImageCommand` execution, which is part of the `magick` utility [1].

Affected code

The vulnerability resides in the `IsWEBPImageLossless` function within the `coders/webp.c` file. The ASan output specifically points to line 184 of this file as the location of the heap-based buffer over-read [1]. This function is called during the `ReadWEBPImage` function, which is further invoked by `ReadImage` and `IdentifyImageCommand` [1].
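
The kind of length check that prevents an over-read of this class, as an added example that is neither ImageMagick's code nor its fix: a classifier that walks the RIFF chunks of a still WebP file and validates every offset against the buffer length before reading. The name `webp_is_lossless`, the return codes and the decision to reject animated files are assumptions of this example; the chunk layout follows the WebP container format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative only: all names here are hypothetical, not ImageMagick's. */
enum { WEBP_INVALID = -1, WEBP_LOSSY = 0, WEBP_LOSSLESS = 1 };

#define RIFF_HEADER_SIZE  12u  /* "RIFF" + u32 file size + "WEBP" */
#define CHUNK_HEADER_SIZE 8u   /* FourCC + u32 little-endian payload size */

static uint32_t read_le32(const unsigned char *p)
{
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
         ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify a still WebP blob without ever reading at or past buf[len].
   Animated files (frames nested inside ANMF chunks) return WEBP_INVALID. */
int webp_is_lossless(const unsigned char *buf, size_t len)
{
  size_t off = RIFF_HEADER_SIZE;

  /* The first FourCC lives at bytes 12..15, so a shorter buffer is rejected. */
  if (buf == NULL || len < RIFF_HEADER_SIZE + CHUNK_HEADER_SIZE)
    return WEBP_INVALID;
  if (memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WEBP", 4) != 0)
    return WEBP_INVALID;

  /* Invariant: off <= len. Testing the remaining length cannot wrap around. */
  while (len - off >= CHUNK_HEADER_SIZE) {
    const unsigned char *chunk = buf + off;
    uint64_t payload = read_le32(chunk + 4);   /* attacker-controlled value */
    size_t remaining = len - off - CHUNK_HEADER_SIZE;

    if (memcmp(chunk, "VP8L", 4) == 0) return WEBP_LOSSLESS;
    if (memcmp(chunk, "VP8 ", 4) == 0) return WEBP_LOSSY;

    payload += payload & 1u;      /* payloads are padded to an even length */
    if (payload > remaining)      /* declared size runs past the buffer */
      return WEBP_INVALID;
    off += CHUNK_HEADER_SIZE + (size_t)payload;  /* skip VP8X, ICCP, ALPH, ... */
  }
  return WEBP_INVALID;            /* no image chunk found within bounds */
}
```

Building a harness around a function like this with `-fsanitize=address` and feeding it truncated inputs gives the same kind of ASan signal the reference write-up reports if a bounds check is missing.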

What the fix does

The provided bundle does not contain information about a patch or a fix for this vulnerability. The advisory indicates the affected version is ImageMagick 7.0.7-24 Q16, and the reference write-up mentions version 7.0.7-22, but no remediation steps or patches are detailed [1].

Preconditions

  • input: The attacker must provide a malicious WebP image file.
  • config: The vulnerable version of ImageMagick (7.0.7-24 Q16 or earlier) must be installed.

Reproduction

The reference write-up includes ASan output and mentions a POC file named 'poc.zip', but the reproduction steps themselves are not detailed [1].

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1
