What is CVE-2019-7398?

CVE-2019-7398 is a vulnerability in ImageMagick that allows a remote attacker to cause a denial of service by exploiting a memory leak in WriteDIBImage in coders/dib.c.

How severe is CVE-2019-7398?

CVE-2019-7398 has a severity rating of high with a CVSS score of 7.5.

Which versions of ImageMagick are affected by CVE-2019-7398?

CVE-2019-7398 affects ImageMagick versions up to 8:6.9.10.23+dfsg-2.1ubuntu2.

How can I fix CVE-2019-7398?

To fix CVE-2019-7398, apply the appropriate patch or update provided by the vendor or package maintainer.

Where can I find more information about CVE-2019-7398?

You can find more information about CVE-2019-7398 on the OpenSUSE Security Announce mailing list and the SecurityFocus website.

Vulnerability/
CVE-2019-7398

high

7.5

CWE

401

5/2/2019

4/8/2024

CVE-2019-7398

First published: Tue Feb 05 2019(Updated: )

ImageMagick is vulnerable to a denial of service, caused by a memory leak in WriteDIBImage in coders/dib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	<6.9.10-25
ImageMagick ImageMagick	>=7.0.0-0<7.0.8-25
openSUSE Leap	=15.0
Debian Debian Linux	=10.0
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=18.10
Canonical Ubuntu Linux	=19.04
redhat/ImageMagick 6.9.10	<25	25
redhat/ImageMagick 7.0.8	<25	25
IBM Data Risk Manager	<=2.0.6
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.13.12+dfsg1-1 8:7.1.1.39+dfsg1-2

Remedy

https://github.com/ImageMagick/ImageMagick/issues/1453

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6335281

Frequently Asked Questions

What is CVE-2019-7398?
CVE-2019-7398 is a vulnerability in ImageMagick that allows a remote attacker to cause a denial of service by exploiting a memory leak in WriteDIBImage in coders/dib.c.
How severe is CVE-2019-7398?
CVE-2019-7398 has a severity rating of high with a CVSS score of 7.5.
Which versions of ImageMagick are affected by CVE-2019-7398?
CVE-2019-7398 affects ImageMagick versions up to 8:6.9.10.23+dfsg-2.1ubuntu2.
How can I fix CVE-2019-7398?
To fix CVE-2019-7398, apply the appropriate patch or update provided by the vendor or package maintainer.
Where can I find more information about CVE-2019-7398?
You can find more information about CVE-2019-7398 on the OpenSUSE Security Announce mailing list and the SecurityFocus website.

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-7398
agent/weakness
agent/severity
agent/description
agent/remedy
agent/references
collector/ibm-support
source/IBM
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.0-0
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/18.10
version/canonical ubuntu linux/19.04
package-manager/redhat
vendor/ibm
canonical/ibm data risk manager
version/ibm data risk manager/2.0.6
package-manager/debian