CVE-2019-17540: Buffer Overflow
First published: Mon Oct 14 2019(Updated: )
ImageMagick is vulnerable to a heap-based buffer overflow, caused by a flaw in the ReadPSInfo function in coders/ps.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/imagemagick | 8:6.9.10.23+dfsg-2.1+deb10u1 8:6.9.10.23+dfsg-2.1+deb10u5 8:6.9.11.60+dfsg-1.3+deb11u1 8:6.9.11.60+dfsg-1.6 | |
| ImageMagick ImageMagick | >=6.9.10-54<6.9.10-55 | |
| ImageMagick ImageMagick | >=7.0.0-0<7.0.8-54 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| IBM Data Risk Manager | <=2.0.6 | |
| redhat/ImageMagick 6.9.10 | <55 | 55 |
| redhat/ImageMagick 7.0.8 | <54 | 54 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2019-17540
- https://github.com/ImageMagick/ImageMagick/commit/668d6a970553a94b0a2e378afda1d37abac94b5c
- https://github.com/ImageMagick/ImageMagick/commit/9667a9034a5eeedb30dfb18cfd1083ff32fd679b
- https://github.com/ImageMagick/ImageMagick/commit/73dd03cfb57f8f8c0a732fa062b9966ec7bf2f91
- https://github.com/ImageMagick/ImageMagick/commit/e868e227085463932c5db32e5e0f27e306a0eb95
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826
- https://github.com/ImageMagick/ImageMagick6/commit/bfb5bdd6b41dac60d5171108fc02ecaf8735c4a8
- https://github.com/ImageMagick/ImageMagick6/commit/b9261b1bce3dbfeecc445e092d207434b41c0752
- https://github.com/ImageMagick/ImageMagick6/commit/5a4c9cfb76ee82bda0cd970cc9e58499b09cc137
- https://github.com/ImageMagick/ImageMagick6/commit/41399a3414069870071e47680b0bbbe0a283db5d
- https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
- https://github.com/ImageMagick/ImageMagick/compare/7.0.8-53...7.0.8-54
- https://github.com/ImageMagick/ImageMagick/compare/master@%7B2019-07-15%7D...master@%7B2019-07-17%7D
- https://exchange.xforce.ibmcloud.com/vulnerabilities/168960
- https://www.ibm.com/support/pages/node/6335281 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1765335
- https://github.com/imagemagick/imagemagick/compare/ad63c1c0ff19ce44d8c50512a238997a37d1e178...08af6505d26238d234b8ddf555f886301a3e7f76#diff-dd232d4da9772957b420ca411a1ddde3
- https://github.com/ImageMagick/ImageMagick/compare/1ad4c59...e868e22
- https://github.com/ImageMagick/ImageMagick6/compare/adb2da9...41399a3
- https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc7
- https://access.redhat.com/errata/RHSA-2020:1180
- https://access.redhat.com/security/cve/cve-2019-17540
- https://bugzilla.redhat.com/show_bug.cgi?id=1765330
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/debian-bugs
- alias/CVE-2019-17540
- collector/ibm-support
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/security-tracker-debian
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6
- vendor/imagemagick
- canonical/imagemagick imagemagick
- version/imagemagick imagemagick/6.9.10-54
- version/imagemagick imagemagick/7.0.0-0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- package-manager/redhat
- package-manager/debian