CVE-2019-11008 — Out-of-bounds Write in Graphicsmagick
Severity
8.8HIGHNVD
NVD6.5
EPSS
2.1%
top 15.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 8
Latest updateMay 24
Description
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 29, 30, Ubuntu Linux 18.04
🔴Vulnerability Details
9📋Vendor Advisories
4Debian▶
CVE-2019-11473: graphicsmagick - coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of serv...↗2019
Debian▶
CVE-2019-11008: graphicsmagick - In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflo...↗2019
Debian▶
CVE-2019-11474: graphicsmagick - coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of serv...↗2019
💬Community
5Bugzilla▶
CVE-2019-11473 graphicsmagick: out of bounds in coders/xwd.c causing denial of service by crafting an XWD image file↗2019-05-08
Bugzilla▶
CVE-2019-11474 graphicsmagick: floating point exception in coders/xwd.c causing denial of service↗2019-05-08
Bugzilla▶
CVE-2019-11008 GraphicsMagick: heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c leading to DoS attack. [fedora-all]↗2019-04-15
Bugzilla▶
CVE-2019-11008 GraphicsMagick: heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c leading to DoS attack.↗2019-04-15
Bugzilla▶
CVE-2019-11008 GraphicsMagick: heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c leading to DoS attack. [epel-all]↗2019-04-15