CVE-2019-10649

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.8-36 Q16

Description The issue is related to a memory leak in the SVGKeyValuePairs function of coders/svg.c, which can be exploited by an attacker to cause a denial of service via a crafted image file. This is due to errors in resource management. An attacker can exploit this issue to cause a denial of service using a specially formed image.

Recommendations For ImageMagick version 7.0.8-36 Q16, as a temporary workaround, consider disabling the SVGKeyValuePairs function until a patch is available. Restrict access to the coders/svg.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-399

Related Identifiers

BDU:2020-01539

CVE-2019-10649

DSA-4712-1

MGASA-2019-0142

USN-4034-1

Affected Products

Imagemagick

Ubuntu

CVE-2019-10649

Weakness Enumeration

Related Identifiers

Affected Products

References · 49