Out-of-Bounds in imagemagick

Do your applications use this vulnerable package? Test your applications

Overview

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

References

Debian Security Tracker
GitHub Commit
MLIST
OpenSuse Security Announcement
RedHat Bugzilla Bug
SUSE
Security Focus
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

Low
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

High

CVE: CVE-2019-10131
CWE: CWE-119 CWE-193
Snyk ID: SNYK-DEBIAN8-IMAGEMAGICK-345541
Disclosed: 30 Apr, 2019
Published: 30 Apr, 2019

Out-of-Bounds
Affecting imagemagick package, versions *

Overview

References

CVSS Score

Out-of-Bounds Affecting imagemagick package, versions *

Overview

References

Out-of-Bounds
Affecting imagemagick package, versions *