CVE-2019-11009 — Out-of-bounds Read in Graphicsmagick
Severity
8.1HIGHNVD
NVD6.5CNA8.8OSV8.8
EPSS
1.3%
top 20.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 8
Latest updateMay 24
Description
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2
Affected Packages4 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 29, 30, Ubuntu Linux 18.04
🔴Vulnerability Details
9📋Vendor Advisories
4Debian▶
CVE-2019-11009: graphicsmagick - In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-re...↗2019
Debian▶
CVE-2019-11473: graphicsmagick - coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of serv...↗2019
Debian▶
CVE-2019-11474: graphicsmagick - coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of serv...↗2019
💬Community
5Bugzilla▶
CVE-2019-11473 graphicsmagick: out of bounds in coders/xwd.c causing denial of service by crafting an XWD image file↗2019-05-08
Bugzilla▶
CVE-2019-11474 graphicsmagick: floating point exception in coders/xwd.c causing denial of service↗2019-05-08
Bugzilla▶
CVE-2019-11009 GraphicsMagick: heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, leading to Dos attack or Information disclosure. [fedora-all]↗2019-04-15
Bugzilla▶
CVE-2019-11009 GraphicsMagick: heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, leading to Dos attack or Information disclosure. [epel-all]↗2019-04-15
Bugzilla▶
CVE-2019-11009 GraphicsMagick: heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, leading to Dos attack or Information disclosure.↗2019-04-15