CVE-2019-14980 — Use After Free in Imagemagick

CWE-416 — Use After Free6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 58.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Opensuse Leap Debian Imagemagick

Timeline

PublishedAug 12

Latest updateMay 24

Description

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDimagemagick/imagemagick6.0 — 6.9.10-42+1

▶debiandebian/imagemagick

▶NVDopensuse/leap15.0, 15.1+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-85q2-94hx-c24v: In ImageMagick 7↗2022-05-24

▶

📋Vendor Advisories

Red Hat

ImageMagick: use-after-free in magick/blob.c resulting in a denial of service↗2019-04-21

▶

Debian

CVE-2019-14980: imagemagick - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use afte...↗2019

▶

💬Community

Bugzilla

CVE-2019-14980 ImageMagick: use-after-free in magick/blob.c resulting in a denial of service [fedora-all]↗2019-10-21

▶

Bugzilla

CVE-2019-14980 ImageMagick: use-after-free in magick/blob.c resulting in a denial of service↗2019-10-02

▶