First published: Thu Mar 07 2019(Updated: )
ImageMagick could allow a remote attacker to obtain sensitive information, caused by memory leaks in DecodeImage in coders/pcd.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | <6.9.10-25 | |
ImageMagick ImageMagick | >=7.0.0-0<7.0.8-25 | |
openSUSE Leap | =15.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
redhat/ImageMagick 6.9.10 | <25 | 25 |
redhat/ImageMagick 7.0.8 | <25 | 25 |
IBM Data Risk Manager | <=2.0.6 | |
debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3 | |
<6.9.10-25 | ||
>=7.0.0-0<7.0.8-25 | ||
=15.0 | ||
=10.0 | ||
=16.04 | ||
=18.04 | ||
=18.10 | ||
=19.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-7175 is high with a severity value of 7.5.
CVE-2019-7175 affects ImageMagick by causing memory leaks in the DecodeImage function in coders/pcd.c.
A remote attacker can exploit CVE-2019-7175 by persuading a victim to open a specially-crafted file, allowing the attacker to obtain sensitive information.
Versions of ImageMagick up to and including 7.0.8-25 are affected by CVE-2019-7175.
Yes, there are patches and updates available for CVE-2019-7175. Please check the references for more information.