製品・ソフトウェアに関する情報

JVN脆弱性詳細

GraphicsMagick におけるゼロ除算に関する脆弱性

Title	GraphicsMagick におけるゼロ除算に関する脆弱性
Summary	GraphicsMagick には、ゼロ除算に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 25, 2018, midnight
Registration Date	May 18, 2018, 11:49 a.m.
Last Update	May 18, 2018, 11:49 a.m.

Affected System

GraphicsMagick

GraphicsMagick 1.3.28

Debian

Debian GNU/Linux

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-9018	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9018
National Vulnerability Database (NVD)
2	CVE-2018-9018	https://nvd.nist.gov/vuln/detail/CVE-2018-9018

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-369	https://cwe.mitre.org/data/definitions/369.html

ベンダー情報

No	Name	URL
Debian
1	[SECURITY] [DLA 1322-1] graphicsmagick security update	https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html
SourceForge
2	#554 Divide-by-zero in ReadMNGImage (coders/png.c)	https://sourceforge.net/p/graphicsmagick/bugs/554/

その他

No	Name	URL
関連文書
1	103526	https://www.securityfocus.com/bid/103526

Change Log

No	Changed Details	Date of change
1	[2018年05月18日] 掲載	May 18, 2018, 11:49 a.m.

NVD Vulnerability Information

CVE-2018-9018

Summary	In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
Publication Date	March 26, 2018, 6:29 a.m.
Registration Date	March 1, 2021, 7:43 p.m.
Last Update	Nov. 21, 2024, 1:14 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.28:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/103526	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/103526	Third Party Advisory VDB Entry
3	https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html	Mailing List Third Party Advisory
4	https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html	Mailing List Third Party Advisory
5	https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html	Mailing List Third Party Advisory
6	https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html	Mailing List Third Party Advisory
7	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/
8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/
9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/
10	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/
11	https://sourceforge.net/p/graphicsmagick/bugs/554/	Exploit Issue Tracking Third Party Advisory
12	https://sourceforge.net/p/graphicsmagick/bugs/554/	Exploit Issue Tracking Third Party Advisory
13	https://www.debian.org/security/2018/dsa-4321	Third Party Advisory
14	https://www.debian.org/security/2018/dsa-4321	Third Party Advisory

Common Vulnerabilities List