CVE-2019-11470

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.8-26 Q16

Description The issue is related to the Cineon parsing component, which allows attackers to cause a denial-of-service due to uncontrolled resource consumption. This can be achieved by creating a Cineon image with an incorrect claimed image size. The problem stems from the ReadCINImage function in coders/cin.c, which lacks sufficient checks for image data in a file. An attacker can exploit this by crafting a Cineon image that exceeds the standard size, leading to a denial-of-service.

Recommendations For ImageMagick version 7.0.8-26 Q16, consider disabling the ReadCINImage function as a temporary workaround until a patch is available. Restrict access to the Cineon parsing component to minimize the risk of exploitation. Avoid using the Cineon image format until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BDU:2019-02510

CESA-2020_1180

CVE-2019-11470

DLA-1968-1

DLA-2333-1

DSA-4712-1

OPENSUSE-SU-2019:1603-1

OPENSUSE-SU-2019_1603-1

OPENSUSE-SU-2019_1683-1

RHSA-2020:1180

RHSA-2020_1180

SUSE-SU-2019:1523-1

SUSE-SU-2019:1712-1

SUSE-SU-2019_1523-1

USN-4034-1

USN-6985-1

Affected Products

Centos

Imagemagick

Red Hat

Suse

Ubuntu

CVE-2019-11470

Weakness Enumeration

Related Identifiers

Affected Products

References · 94