CyberSec.Space Logo
Back to CVE Browser

CVE-2019-19948

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile36.23th
PublishedDec 24, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

Affected Platforms (CPE)

πŸ“¦
Imagemagick

Imagemagick

= 7.0.8-43
πŸ’»
Canonical

Ubuntu Linux

= 20.04
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Debian

Debian Linux

= 10.0
πŸ’»
Opensuse

Leap

= 15.1

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html
πŸ”— https://github.com/ImageMagick/ImageMagick/issues/1562
πŸ”— https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html
πŸ”— https://usn.ubuntu.com/4549-1/
πŸ”— https://www.debian.org/security/2020/dsa-4712
πŸ”— https://www.debian.org/security/2020/dsa-4715
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html
πŸ”— https://github.com/ImageMagick/ImageMagick/issues/1562

Related Vulnerabilities

CVE-2004-098110.0

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a ce...

CVE-2021-335649.8

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitr...

CVE-2019-199529.8

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGI...

CVE-2014-98529.8

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecifie...