CVE-2019-11597 — Out-of-bounds Read in Imagemagick

CWE-125 — Out-of-bounds Read CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow17 documents7 sources

Severity

8.1HIGHNVD

NVD6.5

EPSS

0.2%

top 55.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Opensuse Leap

Timeline

PublishedApr 29

Latest updateSep 4

Description

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages5 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.11.24+dfsg-1 (bookworm)+1

▶Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3

▶Ubuntuimagemagick/imagemagick< 8:6.8.9.9-7ubuntu5.14+2

▶NVDimagemagick/imagemagick7.0.8-43

▶NVDopensuse/leap15.0, 15.1+1

🔴Vulnerability Details

GHSA

GHSA-3v23-qhr8-m9w2: In ImageMagick 7↗2022-05-24

▶

GHSA

GHSA-25x5-8pr2-jjhj: WriteTIFFImage in coders/tiff↗2022-05-24

▶

OSV

CVE-2019-15141: WriteTIFFImage in coders/tiff↗2019-08-18

▶

OSV

CVE-2019-11597: In ImageMagick 7↗2019-04-29

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2024-09-04

▶

Ubuntu

ImageMagick vulnerabilities↗2019-06-25

▶

Red Hat

ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c↗2019-04-28

▶

Red Hat

ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure↗2019-04-27

▶

Debian

CVE-2019-11597: imagemagick - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the funct...↗2019

▶

💬Community

Bugzilla

CVE-2019-15141 ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c↗2019-11-01

▶

Bugzilla

CVE-2019-11597 GraphicsMagick: ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure [fedora-all]↗2019-05-02

▶

Bugzilla

CVE-2019-11597 ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure [fedora-all]↗2019-05-02

▶

Bugzilla

CVE-2019-11597 ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure↗2019-05-02

▶

Bugzilla

CVE-2019-11597 GraphicsMagick: ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure [epel-all]↗2019-05-02

▶