What is CVE-2019-16709?

CVE-2019-16709 is a vulnerability in ImageMagick 7.0.8-35 that causes a memory leak in coders/dps.c.

How does CVE-2019-16709 affect ImageMagick?

CVE-2019-16709 can be exploited by opening a specially crafted file, potentially leading to a denial of service attack.

What is the severity rating of CVE-2019-16709?

CVE-2019-16709 has a severity rating of 6.5 (medium).

What software versions are affected by CVE-2019-16709?

Versions 7.0.8-35 of ImageMagick, 2.0.6 of IBM Data Risk Manager, and certain versions of openSUSE Leap and Ubuntu Linux are affected.

How do I fix CVE-2019-16709?

To fix CVE-2019-16709, apply the patches provided by the respective vendors or upgrade to the specified versions.

Vulnerability/
CVE-2019-16709

medium

6.5

CWE

401

23/9/2019

5/8/2024

CVE-2019-16709

First published: Mon Sep 23 2019(Updated: )

A vulnerability was found in ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Reference: <a href="https://github.com/ImageMagick/ImageMagick/issues/1531">https://github.com/ImageMagick/ImageMagick/issues/1531</a>

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	=7.0.8-35
Opensuse Backports	=sle-15
Opensuse Backports	=sle-15-sp1
openSUSE Leap	=15.0
openSUSE Leap	=15.1
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=19.04
Canonical Ubuntu Linux	=19.10
redhat/ImageMagick 7.0.8	<36	36
redhat/ImageMagick 6.9.10	<36	36
IBM Data Risk Manager	<=2.0.6
debian/graphicsmagick		1.4+really1.3.36+hg16481-2+deb11u1 1.4+really1.3.40-4 1.4+really1.3.45-1
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.13.12+dfsg1-1 8:7.1.1.39+dfsg1-2

Remedy

https://github.com/ImageMagick/ImageMagick/issues/1531

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6335281

Frequently Asked Questions

What is CVE-2019-16709?
CVE-2019-16709 is a vulnerability in ImageMagick 7.0.8-35 that causes a memory leak in coders/dps.c.
How does CVE-2019-16709 affect ImageMagick?
CVE-2019-16709 can be exploited by opening a specially crafted file, potentially leading to a denial of service attack.
What is the severity rating of CVE-2019-16709?
CVE-2019-16709 has a severity rating of 6.5 (medium).
What software versions are affected by CVE-2019-16709?
Versions 7.0.8-35 of ImageMagick, 2.0.6 of IBM Data Risk Manager, and certain versions of openSUSE Leap and Ubuntu Linux are affected.
How do I fix CVE-2019-16709?
To fix CVE-2019-16709, apply the patches provided by the respective vendors or upgrade to the specified versions.

collector/nvd-index
agent/author
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-16709
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/remedy
collector/nvd-cve
source/NVD
agent/description
agent/references
collector/ibm-support
source/IBM
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.8-35
vendor/opensuse
canonical/opensuse backports
version/opensuse backports/sle-15
version/opensuse backports/sle-15-sp1
canonical/opensuse leap
version/opensuse leap/15.0
version/opensuse leap/15.1
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/19.04
version/canonical ubuntu linux/19.10
package-manager/redhat
vendor/ibm
canonical/ibm data risk manager
version/ibm data risk manager/2.0.6
package-manager/debian