CVE-2019-15140Use After Free in Imagemagick

CWE-416Use After Free11 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.8%
top 25.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian ImagemagickGoogle Android
Timeline
PublishedAug 18
Latest updateOct 3

Description

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.24+dfsg-1 (bookworm)
Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-fm7h-6q8j-c522: coders/mat2022-05-24
OSV
CVE-2019-15140: coders/mat2019-08-18

📋Vendor Advisories

5
Ubuntu
ImageMagick vulnerabilities2024-10-03
Android
CVE-2019-15140: Android Security Bulletin 2019-12-01 CVE: CVE-2019-15140 Severity: HIGH Type: RCE Affected AOSP versions: 82019-12-01
Ubuntu
ImageMagick vulnerabilities2019-11-14
Red Hat
ImageMagick: Use after free in ReadMATImage in coders/mat.c2019-04-27
Debian
CVE-2019-15140: imagemagick - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a deni...2019

💬Community

3
Bugzilla
CVE-2019-15140 ImageMagick: use-after-free in ReadImage in MagickCore/constitute.c [fedora-all]2019-11-01
Bugzilla
CVE-2019-15140 ImageMagick: Use after free in ReadMATImage in coders/mat.c2019-11-01
Bugzilla
CVE-2019-15140 ImageMagick: use-after-free in ReadImage in MagickCore/constitute.c [epel-8]2019-11-01