Improper Initialization
Affecting imagemagick package, versions <8:6.9.7.4+dfsg-11+deb9u9
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
References
CVSS Score
7.8
high severity
-
Attack VectorLocal
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionRequired
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityHigh
-
AvailabilityHigh
- CVE
- CVE-2019-12979
- CWE
- CWE-665
- Snyk ID
- SNYK-DEBIAN9-IMAGEMAGICK-451066
- Disclosed
- 26 Jun, 2019
- Published
- 27 Jun, 2019