CyberSec.Space Logo
Back to CVE Browser

CVE-2019-19952

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile16.88th
PublishedDec 24, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.

Affected Platforms (CPE)

📦
Imagemagick

Imagemagick

>= 7.0.8-61 and < 7.0.9-7

References & Advisories

🔗 https://github.com/ImageMagick/ImageMagick/issues/1791
🔗 https://github.com/ImageMagick/ImageMagick/issues/1791

Related Vulnerabilities

CVE-2004-098110.0

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a ce...

CVE-2021-335649.8

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitr...

CVE-2019-199489.8

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

CVE-2014-98529.8

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecifie...

CVE-2019-19952 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space