First published: Tue Apr 30 2019
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | <6.9.9-40 | |
ImageMagick ImageMagick | >=7.0.0-0, <7.0.7-28 | |
Red Hat Enterprise Linux | =7.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
openSUSE Leap | =42.3 | |
redhat/ImageMagick 7.0.7 | <28 | 28 |
redhat/ImageMagick 6.9.9 | <40 | 40 |
IBM Data Risk Manager | <=2.0.6 | |
debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.13.12+dfsg1-1 8:7.1.1.39+dfsg1-1 |
CVE-2019-10131 is an off-by-one read vulnerability in ImageMagick before version 7.0.7-28.
The severity of CVE-2019-10131 is high with a CVSS score of 7.1.
CVE-2019-10131 affects ImageMagick by causing a denial of service due to an off-by-one read flaw in the formatIPTCfromBuffer function in coders/meta.c.
Remedies are available for CVE-2019-10131, depending on the affected software or package version.