What is CVE-2019-12977?

CVE-2019-12977 is a vulnerability in ImageMagick 7.0.8-34 that allows the use of uninitialized values in the WriteJP2Image function in coders/jp2.c.

What is the severity of CVE-2019-12977?

The severity of CVE-2019-12977 is high with a CVSS score of 7.8.

Which software versions are affected by CVE-2019-12977?

Versions 7.0.8-34 of ImageMagick, 8:6.9.7.4+dfsg-16ubuntu6.8, 8:6.9.10.14+dfsg-7ubuntu2.3, 8:6.9.10.23+dfsg-2.1ubuntu3.1, 8:6.9.10.23+dfsg-2.1ubuntu9, and 8:6.8.9.9-7ubuntu5.15 are affected.

How can I fix CVE-2019-12977?

To fix CVE-2019-12977, update ImageMagick to version 8:6.9.10.23+dfsg-2.1+deb10u1, 8:6.9.10.23+dfsg-2.1+deb10u5, 8:6.9.11.60+dfsg-1.3+deb11u1, 8:6.9.11.60+dfsg-1.6, 8:6.9.12.98+dfsg1-3, or 8:6.9.12.98+dfsg1-4.

Where can I find more information about CVE-2019-12977?

You can find more information about CVE-2019-12977 at the following references: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html, http://www.securityfocus.com/bid/108913, https://github.com/ImageMagick/ImageMagick/issues/1518.

Vulnerability/
CVE-2019-12977

high

7.8

CWE

665

26/6/2019

21/11/2024

CVE-2019-12977

First published: Wed Jun 26 2019(Updated: )

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.43+dfsg1-1
ImageMagick	=7.0.8-34

Remedy

https://github.com/ImageMagick/ImageMagick/issues/1518

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-12977?
CVE-2019-12977 is a vulnerability in ImageMagick 7.0.8-34 that allows the use of uninitialized values in the WriteJP2Image function in coders/jp2.c.
What is the severity of CVE-2019-12977?
The severity of CVE-2019-12977 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2019-12977?
Versions 7.0.8-34 of ImageMagick, 8:6.9.7.4+dfsg-16ubuntu6.8, 8:6.9.10.14+dfsg-7ubuntu2.3, 8:6.9.10.23+dfsg-2.1ubuntu3.1, 8:6.9.10.23+dfsg-2.1ubuntu9, and 8:6.8.9.9-7ubuntu5.15 are affected.
How can I fix CVE-2019-12977?
To fix CVE-2019-12977, update ImageMagick to version 8:6.9.10.23+dfsg-2.1+deb10u1, 8:6.9.10.23+dfsg-2.1+deb10u5, 8:6.9.11.60+dfsg-1.3+deb11u1, 8:6.9.11.60+dfsg-1.6, 8:6.9.12.98+dfsg1-3, or 8:6.9.12.98+dfsg1-4.
Where can I find more information about CVE-2019-12977?
You can find more information about CVE-2019-12977 at the following references: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html, http://www.securityfocus.com/bid/108913, https://github.com/ImageMagick/ImageMagick/issues/1518.

agent/type
collector/launchpad-cve
source/Launchpad
agent/author
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/remedy
agent/references
agent/first-publish-date
agent/description
agent/trending
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/source
agent/tags
agent/last-modified-date
agent/softwarecombine
agent/event
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/debian
vendor/imagemagick
canonical/imagemagick
version/imagemagick/7.0.8-34