First published: Tue Feb 05 2019(Updated: )
ImageMagick is vulnerable to a denial of service, caused by a memory leak in WriteDIBImage in coders/dib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | <6.9.10-25 | |
ImageMagick ImageMagick | >=7.0.0-0<7.0.8-25 | |
openSUSE Leap | =15.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
redhat/ImageMagick 6.9.10 | <25 | 25 |
redhat/ImageMagick 7.0.8 | <25 | 25 |
IBM Data Risk Manager | <=2.0.6 | |
debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3 | |
<6.9.10-25 | ||
>=7.0.0-0<7.0.8-25 | ||
=15.0 | ||
=10.0 | ||
=16.04 | ||
=18.04 | ||
=18.10 | ||
=19.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-7398 is a vulnerability in ImageMagick that allows a remote attacker to cause a denial of service by exploiting a memory leak in WriteDIBImage in coders/dib.c.
CVE-2019-7398 has a severity rating of high with a CVSS score of 7.5.
CVE-2019-7398 affects ImageMagick versions up to 8:6.9.10.23+dfsg-2.1ubuntu2.
To fix CVE-2019-7398, apply the appropriate patch or update provided by the vendor or package maintainer.
You can find more information about CVE-2019-7398 on the OpenSUSE Security Announce mailing list and the SecurityFocus website.