What is CVE-2019-13135?

CVE-2019-13135 is a vulnerability in ImageMagick that allows a remote attacker to cause a denial of service.

How can the CVE-2019-13135 vulnerability be exploited?

The CVE-2019-13135 vulnerability can be exploited by persuading a victim to open a specially crafted file.

How severe is CVE-2019-13135?

CVE-2019-13135 has a severity rating of 8.8 (high).

Is there a patch available for CVE-2019-13135?

Yes, a patch is available for CVE-2019-13135. Please refer to the vendor's website for the patch.

Which software versions are affected by CVE-2019-13135?

ImageMagick versions before 7.0.8-50 and 6.9.10-50 are affected by CVE-2019-13135.

Vulnerability/
CVE-2019-13135

high

8.8

CWE

908

1/7/2019

7/11/2023

CVE-2019-13135

First published: Mon Jul 01 2019(Updated: )

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
IBM Data Risk Manager	<=2.0.6
ImageMagick ImageMagick	<6.9.10-50
ImageMagick ImageMagick	>=7.0.0-0<7.0.8-50
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=19.04
Canonical Ubuntu Linux	=19.10
F5 Big-ip Application Acceleration Manager	>=11.5.2<11.6.5.2
F5 Big-ip Application Acceleration Manager	>=12.1.0<12.1.5.2
F5 Big-ip Application Acceleration Manager	>=13.1.0<13.1.3.4
F5 Big-ip Application Acceleration Manager	>=14.0.0<14.1.2.5
F5 Big-ip Application Acceleration Manager	>=15.0.0<15.0.1.3
F5 Big-ip Application Acceleration Manager	>=15.1.0<15.1.0.2
F5 Big-ip Webaccelerator	>=11.5.2<11.6.5.2
F5 Big-ip Webaccelerator	>=12.1.0<12.1.5.2
F5 Big-ip Webaccelerator	>=13.1.0<13.1.3.4
F5 Big-ip Webaccelerator	>=14.0.0<14.1.2.5
F5 Big-ip Webaccelerator	>=15.0.0<15.0.1.3
F5 Big-ip Webaccelerator	>=15.1.0<15.1.0.2
redhat/ImageMagick 6.9.10	<50	50
redhat/ImageMagick 7.0.8	<50	50
ubuntu/imagemagick	<8:6.9.7.4+dfsg-16ubuntu6.8	8:6.9.7.4+dfsg-16ubuntu6.8
ubuntu/imagemagick	<8:6.9.10.14+dfsg-7ubuntu2.3	8:6.9.10.14+dfsg-7ubuntu2.3
ubuntu/imagemagick	<8:6.9.10.23+dfsg-2.1ubuntu3.1	8:6.9.10.23+dfsg-2.1ubuntu3.1
ubuntu/imagemagick	<8:6.9.10.23+dfsg-2.1ubuntu9	8:6.9.10.23+dfsg-2.1ubuntu9
ubuntu/imagemagick	<8:6.9.10.23+dfsg-2.1ubuntu9	8:6.9.10.23+dfsg-2.1ubuntu9
ubuntu/imagemagick	<8:6.9.10.23+dfsg-2.1ubuntu9	8:6.9.10.23+dfsg-2.1ubuntu9
ubuntu/imagemagick	<8:6.9.10.23+dfsg-2.1ubuntu9	8:6.9.10.23+dfsg-2.1ubuntu9
ubuntu/imagemagick	<8:6.8.9.9-7ubuntu5.15	8:6.8.9.9-7ubuntu5.15
ubuntu/imagemagick	<8:6.9.10.23+dfsg-2.1ubuntu9	8:6.9.10.23+dfsg-2.1ubuntu9
debian/imagemagick		8:6.9.10.23+dfsg-2.1+deb10u1 8:6.9.10.23+dfsg-2.1+deb10u7 8:6.9.11.60+dfsg-1.3+deb11u2 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.12.98+dfsg1-5 8:6.9.12.98+dfsg1-5.2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2019-13135?
CVE-2019-13135 is a vulnerability in ImageMagick that allows a remote attacker to cause a denial of service.
How can the CVE-2019-13135 vulnerability be exploited?
The CVE-2019-13135 vulnerability can be exploited by persuading a victim to open a specially crafted file.
How severe is CVE-2019-13135?
CVE-2019-13135 has a severity rating of 8.8 (high).
Is there a patch available for CVE-2019-13135?
Yes, a patch is available for CVE-2019-13135. Please refer to the vendor's website for the patch.
Which software versions are affected by CVE-2019-13135?
ImageMagick versions before 7.0.8-50 and 6.9.10-50 are affected by CVE-2019-13135.

collector/ibm-support
collector/nvd-index
agent/type
agent/first-publish-date
agent/last-modified-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-13135
agent/software-canonical-lookup
agent/weakness
agent/remedy
agent/severity
agent/references
agent/description
collector/nvd-cve
source/NVD
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/ibm
canonical/ibm data risk manager
version/ibm data risk manager/2.0.6
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.0-0
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
version/debian debian linux/10.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/19.04
version/canonical ubuntu linux/19.10
vendor/f5
canonical/f5 big-ip application acceleration manager
version/f5 big-ip application acceleration manager/11.5.2
version/f5 big-ip application acceleration manager/12.1.0
version/f5 big-ip application acceleration manager/13.1.0
version/f5 big-ip application acceleration manager/14.0.0
version/f5 big-ip application acceleration manager/15.0.0
version/f5 big-ip application acceleration manager/15.1.0
canonical/f5 big-ip webaccelerator
version/f5 big-ip webaccelerator/11.5.2
version/f5 big-ip webaccelerator/12.1.0
version/f5 big-ip webaccelerator/13.1.0
version/f5 big-ip webaccelerator/14.0.0
version/f5 big-ip webaccelerator/15.0.0
version/f5 big-ip webaccelerator/15.1.0
package-manager/redhat
package-manager/debian
package-manager/ubuntu

CVE-2019-13135

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is CVE-2019-13135?

How can the CVE-2019-13135 vulnerability be exploited?

How severe is CVE-2019-13135?

Is there a patch available for CVE-2019-13135?

Which software versions are affected by CVE-2019-13135?

Company

Resources

Contact