PT-2019-2626 · Imagemagick+4 · Imagemagick+4

Hongxuchen

Publicado

2019-04-23

Atualizado

2024-09-04

CVE-2019-11470

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.8-26 Q16

Description The issue is related to the Cineon parsing component, which allows attackers to cause a denial-of-service due to uncontrolled resource consumption. This can be achieved by creating a Cineon image with an incorrect claimed image size. The problem stems from the ReadCINImage function in coders/cin.c, which lacks sufficient checks for image data in a file. An attacker can exploit this by crafting a Cineon image that exceeds the standard size, leading to a denial-of-service.

Recommendations For ImageMagick version 7.0.8-26 Q16, consider disabling the ReadCINImage function as a temporary workaround until a patch is available. Restrict access to the Cineon parsing component to minimize the risk of exploitation. Avoid using the Cineon image format until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

BDU:2019-02510

CESA-2020_1180

CVE-2019-11470

DLA-1968-1

DLA-2333-1

DSA-4712-1

OPENSUSE-SU-2019:1603-1

OPENSUSE-SU-2019_1603-1

OPENSUSE-SU-2019_1683-1

RHSA-2020:1180

RHSA-2020_1180

SUSE-SU-2019:1523-1

SUSE-SU-2019:1712-1

SUSE-SU-2019_1523-1

USN-4034-1

USN-6985-1

Produtos afetados

Centos

Imagemagick

Red Hat

Suse

Ubuntu

PT-2019-2626 · Imagemagick+4 · Imagemagick+4

CVE-2019-11470

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 94