PT-2019-5195 · Graphicsmagick+3 · Graphicsmagick+3

Galycannon

Publicado

2019-04-24

Atualizado

2023-03-01

CVE-2019-11505

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GraphicsMagick versions 1.3.8 through 1.4 snapshot-20190403 Q8

Description The issue is related to a heap-based buffer overflow in the WritePDBImage function, which can be exploited by an attacker to cause a denial of service or potentially have other unspecified impacts. This can be achieved via a crafted image file. The MagickBitStreamMSBWrite function in magick/bit stream.c is also related to this issue.

Recommendations For GraphicsMagick versions 1.3.8 through 1.4 snapshot-20190403 Q8, consider restricting the use of the WritePDBImage function until a patch is available to prevent potential exploitation. Additionally, avoid using crafted image files that could trigger the buffer overflow in the WritePDBImage function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-119

Identificadores relacionados

ALT-PU-2020-2894

ALT-PU-2021-1452

BDU:2020-01869

CVE-2019-11505

DLA-1795-1

DSA-4640-1

MGASA-2019-0187

OPENSUSE-SU-2019:1354-1

OPENSUSE-SU-2019:1437-1

OPENSUSE-SU-2019:1603-1

OPENSUSE-SU-2019_1354-1

OPENSUSE-SU-2019_1355-1

OPENSUSE-SU-2019_1603-1

OPENSUSE-SU-2019_1683-1

SUSE-SU-2019:1523-1

SUSE-SU-2019:1712-1

USN-4207-1

Produtos afetados

Alt Linux

Graphicsmagick

Suse

Ubuntu

PT-2019-5195 · Graphicsmagick+3 · Graphicsmagick+3

CVE-2019-11505

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 80