CVE-2019-12974NULL Pointer Dereference in Imagemagick

CWE-476NULL Pointer Dereference9 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 58.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ImagemagickDebian Imagemagick
Timeline
PublishedJun 26
Latest updateSep 4

Description

A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.24+dfsg-1 (bookworm)
Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-6824-rh76-5m7v: A NULL pointer dereference in the function ReadPANGOImage in coders/pango2022-05-24
OSV
CVE-2019-12974: A NULL pointer dereference in the function ReadPANGOImage in coders/pango2019-06-26

📋Vendor Advisories

4
Ubuntu
ImageMagick vulnerabilities2024-09-04
Ubuntu
ImageMagick vulnerabilities2019-11-14
Red Hat
imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service2019-06-26
Debian
CVE-2019-12974: imagemagick - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and ...2019

💬Community

2
Bugzilla
CVE-2019-12974 imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service2019-07-23
Bugzilla
CVE-2019-12974 ImageMagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service [fedora-all]2019-07-23