First published: Tue Feb 05 2019(Updated: )
ImageMagick is vulnerable to a denial of service, caused by memory leaks in WritePDFImage in coders/pdf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | <6.9.10-25 | |
ImageMagick ImageMagick | >=7.0.0-0<7.0.8-25 | |
Graphicsmagick Graphicsmagick | <=1.3.31 | |
openSUSE Leap | =15.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
redhat/ImageMagick 6.9.10 | <25 | 25 |
redhat/ImageMagick 7.0.8 | <25 | 25 |
IBM Data Risk Manager | <=2.0.6 | |
debian/graphicsmagick | 1.4+really1.3.36+hg16481-2+deb11u1 1.4+really1.3.40-4 1.4+really1.3.45-1 | |
debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3 | |
<6.9.10-25 | ||
>=7.0.0-0<7.0.8-25 | ||
<=1.3.31 | ||
=15.0 | ||
=10.0 | ||
=16.04 | ||
=18.04 | ||
=18.10 | ||
=19.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-7397.
The title of this vulnerability is 'In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31 several memory leaks exist in Write...'.
The severity of CVE-2019-7397 is high with a CVSS score of 7.5.
ImageMagick versions 6.9.10-25 and 7.0.8-25, as well as GraphicsMagick version 1.3.31 are affected by this vulnerability.
To fix CVE-2019-7397, you should apply the available patches provided by the respective vendors: IBM for Data Risk Manager, Red Hat for ImageMagick, and Debian for GraphicsMagick.