CVE-2019-19952 — Use After Free in Imagemagick

Severity

9.8CRITICALNVD

EPSS

0.5%

top 36.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 24

Latest updateMay 24

Description

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶NVDimagemagick/imagemagick7.0.8-61 — 7.0.9-7

GHSA

GHSA-x77f-4pxj-9mvh: In ImageMagick 7↗2022-05-24

▶

Red Hat

ImageMagick: use-after-free in MngInfoDiscardObject in coders/png.c↗2019-12-23

▶

Debian

CVE-2019-19952: imagemagick - In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDis...↗2019

▶

Bugzilla

CVE-2019-19952 ImageMagick: use-after-free in MngInfoDiscardObject in coders/png.c [epel-8]↗2020-01-17

▶

Bugzilla

CVE-2019-19952 ImageMagick: use-after-free in MngInfoDiscardObject in coders/png.c↗2020-01-17

▶

Bugzilla

CVE-2019-19952 ImageMagick: use-after-free in MngInfoDiscardObject in coders/png.c [fedora-all]↗2020-01-17

▶