CVE-2019-10131
30.04.2019, 19:29
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 𝑥 < 6.9.9-40 |
| imagemagick | imagemagick | 7.0.0-0 ≤ 𝑥 < 7.0.7-28 |
| redhat | enterprise_linux | 7.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 19.04 |
| opensuse | leap | 42.3 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| imagemagick |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ImageMagick |
| ||||||||||||||||||||||
| ImageMagick-config-6-SUSE |
| ||||||||||||||||||||||
| ImageMagick-config-6-upstream |
| ||||||||||||||||||||||
| libMagick++-6_Q16-3 |
| ||||||||||||||||||||||
| libMagickCore-6_Q16-1 |
| ||||||||||||||||||||||
| libMagickCore-6_Q16-1-32bit |
| ||||||||||||||||||||||
| libMagickWand-6_Q16-1 |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| ImageMagick |
| ||
| ImageMagick-c |
| ||
| ImageMagick-devel |
| ||
| ImageMagick-doc |
| ||
| ImageMagick-perl |
| ||
| autotrace |
| ||
| autotrace-devel |
| ||
| emacs |
| ||
| emacs-common |
| ||
| emacs-el |
| ||
| emacs-filesystem |
| ||
| emacs-nox |
| ||
| emacs-terminal |
| ||
| inkscape |
| ||
| inkscape-docs |
| ||
| inkscape-view |
|
Common Weakness Enumeration
References