CVE-2019-13135Use of Uninitialized Resource in Imagemagick

CWE-908Use of Uninitialized ResourceCWE-456Missing Initialization of a Variable10 documents8 sources
Severity
8.8HIGHNVD
EPSS
2.6%
top 14.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
ImagemagickF5 Big-ip Application Acceleration ManagerF5 Big-ip Webaccelerator+2 more
Timeline
PublishedJul 1
Latest updateOct 3

Description

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDimagemagick/imagemagick7.0.0-07.0.8-50+1
Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3
NVDf5/big-ip_webaccelerator11.5.211.6.5.2+5

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 19.04, 19.10

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-mmg6-pq22-8rvg: ImageMagick before 72022-05-24
CVEList
CVE-2019-13135: ImageMagick before 72019-07-01
OSV
CVE-2019-13135: ImageMagick before 72019-07-01

📋Vendor Advisories

4
Ubuntu
ImageMagick vulnerabilities2024-10-03
Ubuntu
ImageMagick vulnerabilities2019-11-14
Red Hat
ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS2019-06-19
Debian
CVE-2019-13135: imagemagick - ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in ...2019

💬Community

2
Bugzilla
CVE-2019-13135 ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS [fedora-all]2019-07-02
Bugzilla
CVE-2019-13135 ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS2019-07-02
CVE-2019-13135 — Use of Uninitialized Resource | cvebase