CVE-2019-10714 — Out-of-bounds Read in Imagemagick

CWE-125 — Out-of-bounds Read8 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 44.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedApr 2

Latest updateMay 13

Description

LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDimagemagick/imagemagick7.0.0-0 — 7.0.8-32+1

▶debiandebian/imagemagick

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-43wq-f4x7-q723: LocaleLowercase in MagickCore/locale↗2022-05-13

▶

📋Vendor Advisories

Red Hat

ImageMagick: out-of-bounds access in function LocaleLowercase in MagickCore/locale.c leads to SIGSEGV↗2019-03-04

▶

Debian

CVE-2019-10714: imagemagick - LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out...↗2019

▶

💬Community

Bugzilla

CVE-2019-10714 GraphicsMagick: ImageMagick: out-of-bounds access in function LocaleLowercase in MagickCore/locale.c leads to SIGSEGV [epel-7]↗2019-04-22

▶

Bugzilla

CVE-2019-10714 GraphicsMagick: ImageMagick: out-of-bounds access in function LocaleLowercase in MagickCore/locale.c leads to SIGSEGV [fedora-all]↗2019-04-22

▶

Bugzilla

CVE-2019-10714 ImageMagick: out-of-bounds access in function LocaleLowercase in MagickCore/locale.c leads to SIGSEGV [fedora-all]↗2019-04-03

▶

Bugzilla

CVE-2019-10714 ImageMagick: out-of-bounds access in function LocaleLowercase in MagickCore/locale.c leads to SIGSEGV↗2019-04-03

▶