CVE-2019-17540Out-of-bounds Write in Imagemagick

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow6 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 43.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian LinuxDebian Imagemagick
Timeline
PublishedOct 14
Latest updateMay 24

Description

ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDimagemagick/imagemagick6.9.10-546.9.10-55+1

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: bugs.debian.orgPatch: github.comPatch: security-tracker.debian.org

🔴Vulnerability Details

1
GHSA
GHSA-2qcx-339j-m3wx: ImageMagick before 72022-05-24

📋Vendor Advisories

2
Red Hat
ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c2019-07-14
Debian
CVE-2019-17540: imagemagick - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in co...2019

💬Community

2
Bugzilla
CVE-2019-17540 ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c2019-10-24
Bugzilla
CVE-2019-17540 ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c [fedora-all]2019-10-24