PT-2019-5874 · ImageMagick+4

Hongxuchen · Published 2019-04-23 · Updated 2024-09-04 · CVE-2019-11472

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

ImageMagick version 7.0.8-41 Q16

Description

The issue is a denial-of-service (divide-by-zero error) in the XWD image parsing component of ImageMagick. It can be triggered by a crafted XWD image file whose header does not indicate whether the data is stored least significant bit (LSB) first or most significant bit (MSB) first. An attacker could exploit this vulnerability to cause a denial of service.

Recommendations

For ImageMagick version 7.0.8-41 Q16, consider avoiding the use of the ReadXWDImage function in coders/xwd.c until a patch is available. As a temporary workaround, restrict the processing of XWD image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
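One way to apply the workaround is to screen XWD files before they reach the decoder. The Python check below is an added example, not code from this advisory or from ImageMagick. It assumes the big-endian XWDFileHeader layout from X11's XWDFile.h and that byte_order and bitmap_bit_order are the fields carrying the LSB/MSB indication; the function names are hypothetical.

```python
import struct

# Layout of XWDFileHeader in X11's XWDFile.h: 25 big-endian 32-bit fields.
FIELDS = ("header_size file_version pixmap_format pixmap_depth pixmap_width "
          "pixmap_height xoffset byte_order bitmap_unit bitmap_bit_order "
          "bitmap_pad bits_per_pixel bytes_per_line visual_class red_mask "
          "green_mask blue_mask bits_per_rgb colormap_entries ncolors "
          "window_width window_height window_x window_y window_bdrwidth").split()
HEADER = struct.Struct(">25I")
LSB_FIRST, MSB_FIRST = 0, 1      # X11 order constants
XWD_FILE_VERSION = 7


def screen_xwd(data):
    """Return the reasons to reject an XWD file; an empty list means pass."""
    if len(data) < HEADER.size:
        return ["truncated header"]
    h = dict(zip(FIELDS, HEADER.unpack_from(data)))
    if h["file_version"] != XWD_FILE_VERSION:
        return ["not a big-endian XWD version 7 header"]
    problems = []
    if h["header_size"] < HEADER.size:
        problems.append("header_size smaller than the fixed header")
    # The condition the advisory describes: no valid LSB/MSB indication.
    for name in ("byte_order", "bitmap_bit_order"):
        if h[name] not in (LSB_FIRST, MSB_FIRST):
            problems.append(f"{name}={h[name]} is neither LSBFirst nor MSBFirst")
    # Extra hardening (assumption, not named by the advisory): size fields
    # that a decoder may divide by must not be zero.
    for name in ("bitmap_unit", "bitmap_pad", "bits_per_pixel"):
        if h[name] == 0:
            problems.append(f"{name} is zero")
    return problems


def sample_header(**overrides):
    """Constructed 100-byte header for testing; not taken from a real file."""
    h = dict.fromkeys(FIELDS, 0)
    h.update(header_size=100, file_version=7, pixmap_format=2, pixmap_depth=24,
             pixmap_width=4, pixmap_height=4, byte_order=MSB_FIRST,
             bitmap_unit=32, bitmap_bit_order=MSB_FIRST, bitmap_pad=32,
             bits_per_pixel=32, bytes_per_line=16)
    h.update(overrides)
    return HEADER.pack(*(h[f] for f in FIELDS))


if __name__ == "__main__":
    print(screen_xwd(sample_header()))
    print(screen_xwd(sample_header(byte_order=7)))
```

Files that fail the check can be quarantined or dropped instead of being passed to ImageMagick; files that pass are still only header-validated, not guaranteed safe.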

Exploit

DoS

Divide By Zero

Weakness Enumeration

Related Identifiers

BDU:2021-03542
CESA-2020_1180
CVE-2019-11472
DLA-2333-1
DSA-4712-1
OPENSUSE-SU-2019:1603-1
OPENSUSE-SU-2019_1603-1
OPENSUSE-SU-2019_1683-1
RHSA-2020:1180
RHSA-2020_1180
SUSE-SU-2019:1523-1
SUSE-SU-2019:1712-1
USN-4034-1
USN-6985-1

Affected Products

CentOS
ImageMagick
Red Hat
SUSE
Ubuntu