CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-19948

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile36.23th
Published2019年12月24日
Last Modified2024年11月21日

Vulnerability Description

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

Affected Platforms (CPE)

📦
Imagemagick

Imagemagick

= 7.0.8-43
💻
Canonical

Ubuntu Linux

= 20.04
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
💻
Debian

Debian Linux

= 10.0
💻
Opensuse

Leap

= 15.1

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html
🔗 https://github.com/ImageMagick/ImageMagick/issues/1562
🔗 https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html
🔗 https://usn.ubuntu.com/4549-1/
🔗 https://www.debian.org/security/2020/dsa-4712
🔗 https://www.debian.org/security/2020/dsa-4715
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html
🔗 https://github.com/ImageMagick/ImageMagick/issues/1562

関連する脆弱性情報

CVE-2004-098110.0

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a ce...

CVE-2021-335649.8

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitr...

CVE-2019-199529.8

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGI...

CVE-2014-98529.8

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecifie...