PT-2019-5355 · Imagemagick+4
Galycannon · Published 2019-04-29 · Updated 2024-09-04 · CVE-2019-11598
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ImageMagick version 7.0.8-40 Q16
Description
The issue is a heap-based buffer over-read in the WritePNMImage function of coders/pnm.c. An attacker can exploit it via a crafted image file to cause a denial of service or possibly disclose protected information. The issue is also related to the SetGrayscaleImage function in MagickCore/quantize.c.
Recommendations
For ImageMagick version 7.0.8-40 Q16, consider disabling the WritePNMImage function until a patch is available to prevent potential exploitation.
As a temporary workaround, restrict the processing of image files that may be crafted to minimize the risk of denial of service or information disclosure.
Exploit · Fix · DoS · Out of bounds Read
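One way to apply the recommendation to disable WritePNMImage is ImageMagick's security policy file; the fragment below is an added example, not part of the original advisory or of the ImageMagick project's own guidance. It assumes the formats written through coders/pnm.c are PAM, PBM, PFM, PGM, PNM and PPM, and that the active policy.xml is the one your installation actually loads (its location depends on the build).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: policy.xml fragment for ImageMagick 7 (not from the advisory). -->
<policymap>
  <!-- "Before" state, shown commented out: both rights granted, so a
       conversion to any PNM-family format reaches the encoder. -->
  <!-- <policy domain="coder" rights="read|write" pattern="{PAM,PBM,PFM,PGM,PNM,PPM}" /> -->

  <!-- Mitigation: grant read only. With write rights withheld, a request
       to encode to these formats is refused by the policy check before
       the writer in coders/pnm.c (WritePNMImage) is called.
       The format list is an assumption; adjust it to your build. -->
  <policy domain="coder" rights="read" pattern="{PAM,PBM,PFM,PGM,PNM,PPM}" />

  <!-- Stricter alternative, shown commented out: if PNM-family input is
       not needed either, deny the coders entirely. -->
  <!-- <policy domain="coder" rights="none" pattern="{PAM,PBM,PFM,PGM,PNM,PPM}" /> -->
</policymap>
```

After editing, `magick -list policy` shows which policy file was loaded and the rights in effect for each pattern.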
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Imagemagick
Red Hat
Suse
Ubuntu