PT-2019-5874 · Imagemagick+4

Hongxuchen · Published 2019-04-23 · Updated 2024-09-04 · CVE-2019-11472

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ImageMagick version 7.0.8-41 Q16

Description

The issue is related to a denial-of-service (divide-by-zero error) in the XWD image parsing component of ImageMagick. This can be triggered by crafting a specific XWD image file where the header does not indicate whether the data is stored in least significant bit (LSB) first or most significant bit (MSB) first order. An attacker could exploit this vulnerability to cause a denial-of-service.

Recommendations

For ImageMagick version 7.0.8-41 Q16, consider avoiding the use of the ReadXWDImage function in coders/xwd.c until a patch is available. As a temporary workaround, restrict the processing of XWD image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
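
One way to apply the workaround above is a pre-filter that refuses XWD files before they reach the decoder. This is an added example, not ImageMagick code and not part of the original advisory; it assumes the standard X11 XWDFile.h header layout (25 big-endian 32-bit fields) and assumes the two order fields, byte_order and bitmap_bit_order, are what the description refers to. All function names are hypothetical.

```python
import struct

XWD_HEADER_SIZE = 100        # 25 CARD32 fields, written MSB first by xwd
XWD_FILE_VERSION = 7
LSB_FIRST, MSB_FIRST = 0, 1  # the only values X11 defines for order fields

FIELDS = ("header_size", "file_version", "pixmap_format", "pixmap_depth",
          "pixmap_width", "pixmap_height", "xoffset", "byte_order",
          "bitmap_unit", "bitmap_bit_order", "bitmap_pad", "bits_per_pixel",
          "bytes_per_line", "visual_class", "red_mask", "green_mask",
          "blue_mask", "bits_per_rgb", "colormap_entries", "ncolors",
          "window_width", "window_height", "window_x", "window_y",
          "window_bdrwidth")


def parse_xwd_header(data):
    """Return the fixed XWD header as a dict, or None if it is truncated."""
    if len(data) < XWD_HEADER_SIZE:
        return None
    return dict(zip(FIELDS, struct.unpack(">25I", data[:XWD_HEADER_SIZE])))


def xwd_rejection_reasons(data):
    """List of reasons to refuse the file; an empty list means it may pass."""
    hdr = parse_xwd_header(data)
    if hdr is None:
        return ["truncated header"]
    reasons = []
    if hdr["file_version"] != XWD_FILE_VERSION:
        reasons.append("unexpected file_version %d" % hdr["file_version"])
    if hdr["header_size"] < XWD_HEADER_SIZE:
        reasons.append("header_size smaller than fixed header")
    for name in ("byte_order", "bitmap_bit_order"):
        if hdr[name] not in (LSB_FIRST, MSB_FIRST):
            reasons.append("%s=%d is neither LSBFirst nor MSBFirst"
                           % (name, hdr[name]))
    return reasons


def build_header(**overrides):
    """Constructed sample header for testing the filter (not a real capture)."""
    values = dict.fromkeys(FIELDS, 0)
    values.update(header_size=100, file_version=7, pixmap_format=2,
                  pixmap_depth=24, pixmap_width=4, pixmap_height=4,
                  byte_order=MSB_FIRST, bitmap_unit=32,
                  bitmap_bit_order=MSB_FIRST, bitmap_pad=32,
                  bits_per_pixel=32, bytes_per_line=16)
    values.update(overrides)
    return struct.pack(">25I", *(values[f] for f in FIELDS))
```

Run the check on untrusted uploads before handing them to any ImageMagick-based pipeline, and treat a non-empty result as a hard reject.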

Exploit

DoS

Divide By Zero

Weakness Enumeration

Related Identifiers

BDU:2021-03542
CESA-2020_1180
CVE-2019-11472
DLA-2333-1
DSA-4712-1
OPENSUSE-SU-2019:1603-1
OPENSUSE-SU-2019_1603-1
OPENSUSE-SU-2019_1683-1
RHSA-2020:1180
RHSA-2020_1180
SUSE-SU-2019:1523-1
SUSE-SU-2019:1712-1
USN-4034-1
USN-6985-1

Affected Products

Centos
Imagemagick
Red Hat
Suse
Ubuntu