{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T09:48:41.233","vulnerabilities":[{"cve":{"id":"CVE-2018-20185","sourceIdentifier":"cve@mitre.org","published":"2018-12-17T19:29:03.720","lastModified":"2024-11-21T04:01:02.587","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits."},{"lang":"es","value":"Hay una sobrelectura de búfer basada en memoria dinámica (heap) en GraphicsMagick 1.4 snapshot-20181209 Q8 en plataformas de 32 bits, en la función ReadBMPImage de bmp.c que permite que atacantes provoquen una denegación de servicio (DoS) mediante un archivo de imagen bmp manipulado. Esto solo afecta a instalaciones de GraphicsMagick con límites BMP personalizados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:N/A:P","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:1.4:2018-12-09:*:*:*:*:*:*","matchCriteriaId":"D40A1BD1-2438-4BD5-AF37-A8628714493D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}]}]}],"references":[{"url":"http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/106229","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://sourceforge.net/p/graphicsmagick/bugs/582/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4207-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4640","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/106229","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://sourceforge.net/p/graphicsmagick/bugs/582/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4207-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}