PT-2019-2862 · Imagemagick+1
Suhwansong · Published 2019-06-21 · Updated 2023-03-02 · CVE-2019-13299
CVSS v2.0
Score: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ImageMagick version 7.0.8-50
Description
The issue is related to a heap-based buffer over-read in the GetPixelChannel function, located in MagickCore/pixel-accessor.h. This can be exploited by a remote attacker using a specially crafted image, potentially leading to a denial of service or disclosure of protected information.
Recommendations
For ImageMagick version 7.0.8-50, consider disabling the GetPixelChannel function as a temporary workaround until a patch is available. Restrict access to the pixel-accessor.h module to minimize the risk of exploitation. Avoid using the GetPixelChannel function in the affected ImageMagick version until the issue is resolved.
Exploit
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Imagemagick
Suse