Use After Free in imagemagick

Do your applications use this vulnerable package? Test your applications

Overview

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.

References

ADVISORY
DEBIAN
DEBIAN
Debian Security Announcement
Debian Security Tracker
GitHub Commit
GitHub Issue
SUSE
SUSE
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2019-15140
CWE: CWE-416
Snyk ID: SNYK-DEBIAN9-IMAGEMAGICK-471709
Disclosed: 18 Aug, 2019
Published: 03 Oct, 2019

Use After Free
Affecting imagemagick package, versions <8:6.9.7.4+dfsg-11+deb9u8

Overview

References

CVSS Score

Use After Free Affecting imagemagick package, versions <8:6.9.7.4+dfsg-11+deb9u8

Overview

References

Use After Free
Affecting imagemagick package, versions <8:6.9.7.4+dfsg-11+deb9u8