What is CVE-2019-16708?

CVE-2019-16708 is a vulnerability in ImageMagick 7.0.8-35 that can be exploited to cause a denial of service condition due to a memory leak in magick/xwindow.c.

How severe is CVE-2019-16708?

CVE-2019-16708 has a severity rating of 6.5, which is considered medium.

Which software versions are affected by CVE-2019-16708?

ImageMagick versions 7.0.8-35, 6.9.10, 6.9.11, and 6.9.12 are affected by CVE-2019-16708.

How can CVE-2019-16708 be fixed?

To fix CVE-2019-16708, users should update to the patched versions of ImageMagick provided by the vendor.

Where can I find more information about CVE-2019-16708?

You can find more information about CVE-2019-16708 on the following references: [1] [2] [3]

Vulnerability/
CVE-2019-16708

medium

6.5

CWE

401

23/9/2019

5/8/2024

CVE-2019-16708

First published: Mon Sep 23 2019(Updated: )

A vulnerability was found in ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Reference: <a href="https://github.com/ImageMagick/ImageMagick/issues/1531">https://github.com/ImageMagick/ImageMagick/issues/1531</a>

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	=7.0.8-35
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=19.04
Canonical Ubuntu Linux	=19.10
openSUSE Leap	=15.0
openSUSE Leap	=15.1
Debian Debian Linux	=10.0
redhat/ImageMagick 7.0.8	<36	36
redhat/ImageMagick 6.9.10	<36	36
IBM Data Risk Manager	<=2.0.6
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.13.12+dfsg1-1 8:7.1.1.39+dfsg1-2

Remedy

https://github.com/ImageMagick/ImageMagick/issues/1531

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6335281

Frequently Asked Questions

What is CVE-2019-16708?
CVE-2019-16708 is a vulnerability in ImageMagick 7.0.8-35 that can be exploited to cause a denial of service condition due to a memory leak in magick/xwindow.c.
How severe is CVE-2019-16708?
CVE-2019-16708 has a severity rating of 6.5, which is considered medium.
Which software versions are affected by CVE-2019-16708?
ImageMagick versions 7.0.8-35, 6.9.10, 6.9.11, and 6.9.12 are affected by CVE-2019-16708.
How can CVE-2019-16708 be fixed?
To fix CVE-2019-16708, users should update to the patched versions of ImageMagick provided by the vendor.
Where can I find more information about CVE-2019-16708?
You can find more information about CVE-2019-16708 on the following references: [1] [2] [3]

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-16708
agent/software-canonical-lookup
agent/weakness
agent/severity
agent/remedy
agent/description
collector/nvd-cve
source/NVD
agent/references
collector/ibm-support
source/IBM
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.8-35
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/19.04
version/canonical ubuntu linux/19.10
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.0
version/opensuse leap/15.1
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
package-manager/redhat
vendor/ibm
canonical/ibm data risk manager
version/ibm data risk manager/2.0.6
package-manager/debian