How severe is CVE-2019-12975?

CVE-2019-12975 has a severity value of 5.5, which is considered medium.

How can CVE-2019-12975 be exploited?

CVE-2019-12975 can be exploited by persuading a victim to open a specially crafted file, which can cause a denial of service condition.

What is the affected software?

The affected software includes ImageMagick 7.0.8-34 and various versions in different distributions.

How can I fix CVE-2019-12975?

To fix CVE-2019-12975, update to the recommended versions provided by the respective distributions or apply the available patches.

Vulnerability/
CVE-2019-12975

medium

5.5

CWE

401

26/6/2019

4/8/2024

CVE-2019-12975

Q: What is CVE-2019-12975?

CVE-2019-12975 is a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c in ImageMagick 7.0.8-34.

First published: Wed Jun 26 2019(Updated: )

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. Reference: <a href="https://github.com/ImageMagick/ImageMagick/issues/1517">https://github.com/ImageMagick/ImageMagick/issues/1517</a>

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	=7.0.8-34
Debian Debian Linux	=10.0
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=19.04
Canonical Ubuntu Linux	=19.10
openSUSE Leap	=15.0
openSUSE Leap	=15.1
redhat/ImageMagick 6.9.10	<36	36
redhat/ImageMagick 7.0.8	<36	36
IBM Data Risk Manager	<=2.0.6
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.13.12+dfsg1-1 8:7.1.1.39+dfsg1-2

Remedy

https://github.com/ImageMagick/ImageMagick/issues/1517

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6335281

Frequently Asked Questions

What is CVE-2019-12975?
CVE-2019-12975 is a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c in ImageMagick 7.0.8-34.
How severe is CVE-2019-12975?
CVE-2019-12975 has a severity value of 5.5, which is considered medium.
How can CVE-2019-12975 be exploited?
CVE-2019-12975 can be exploited by persuading a victim to open a specially crafted file, which can cause a denial of service condition.
What is the affected software?
The affected software includes ImageMagick 7.0.8-34 and various versions in different distributions.
How can I fix CVE-2019-12975?
To fix CVE-2019-12975, update to the recommended versions provided by the respective distributions or apply the available patches.

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-12975
agent/software-canonical-lookup
agent/weakness
agent/remedy
agent/severity
agent/description
collector/nvd-cve
source/NVD
collector/ibm-support
source/IBM
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
collector/security-tracker-debian
source/Debian
agent/references
agent/tags
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.8-34
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/19.04
version/canonical ubuntu linux/19.10
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.0
version/opensuse leap/15.1
package-manager/redhat
vendor/ibm
canonical/ibm data risk manager
version/ibm data risk manager/2.0.6
package-manager/debian