Out-of-bounds Read
Affecting imagemagick package, versions <8:6.9.10.23+dfsg-2.1+deb10u1
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
References
CVSS Score
8.8
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionRequired
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityHigh
-
AvailabilityHigh
- CVE
- CVE-2019-13295
- CWE
- CWE-125
- Snyk ID
- SNYK-DEBIAN10-IMAGEMAGICK-453577
- Disclosed
- 05 Jul, 2019
- Published
- 24 Jul, 2019