CVE-2019-13298

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.8-50 Q16

Description The issue is related to a heap-based buffer overflow in the SetPixelViaPixelInfo function due to an error in MagickCore/enhance.c. This can be exploited by a remote attacker using a specially crafted image, potentially leading to a denial of service or the execution of arbitrary code. The vulnerability is associated with a buffer overflow in dynamic memory.

Recommendations For ImageMagick version 7.0.8-50 Q16, consider disabling the SetPixelViaPixelInfo function as a temporary workaround until a patch is available. Restrict access to the pixel-accessor.h module to minimize the risk of exploitation. Avoid using the affected function with untrusted image inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.