PT-2019-5355 · Imagemagick+4
Galycannon · Published 2019-04-29 · Updated 2024-09-04 · CVE-2019-11598
CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
ImageMagick version 7.0.8-40 Q16
Description
The issue is a heap-based buffer over-read in the WritePNMImage function of coders/pnm.c, which an attacker can exploit via a crafted image file to cause a denial of service or possibly disclose protected information. This issue is also related to the SetGrayscaleImage function in MagickCore/quantize.c.
Recommendations
For ImageMagick version 7.0.8-40 Q16, consider disabling the WritePNMImage function until a patch is available to prevent potential exploitation.
As a temporary workaround, restrict the processing of potentially crafted (untrusted) image files to minimize the risk of denial of service or information disclosure.
Exploit
Fix
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Imagemagick
Red Hat
Suse
Ubuntu