CVE-2019-11505Out-of-bounds Write in Graphicsmagick

CWE-787Out-of-bounds Write6 documents6 sources
Severity
8.8HIGHNVD
EPSS
1.1%
top 21.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
GraphicsmagickCanonical Ubuntu LinuxDebian Linux+2 more
Timeline
PublishedApr 24
Latest updateMay 24

Description

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

Debiangraphicsmagick/graphicsmagick< 1.4~hg15968-1+3
NVDgraphicsmagick/graphicsmagick1.3.81.3.31
NVDopensuse/leap15.0, 15.1, 42.3+2

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 18.04

Patches

Patch: hg.graphicsmagick.orgPatch: hg.graphicsmagick.org

🔴Vulnerability Details

3
GHSA
GHSA-qhr4-cgf5-cv23: In GraphicsMagick from version 12022-05-24
OSV
CVE-2019-11505: In GraphicsMagick from version 12019-04-24
CVEList
CVE-2019-11505: In GraphicsMagick from version 12019-04-24

📋Vendor Advisories

2
Ubuntu
GraphicsMagick vulnerabilities2019-12-03
Debian
CVE-2019-11505: graphicsmagick - In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a hea...2019
CVE-2019-11505 — Out-of-bounds Write in Graphicsmagick | cvebase