CVE-2019-11472

ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
imagemagickimagemagick
7.0.8-41:q16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bullseye
8:6.9.11.60+dfsg-1.3+deb11u4
fixed
jessie
ignored
bullseye (security)
8:6.9.11.60+dfsg-1.3+deb11u3
fixed
bookworm
8:6.9.11.60+dfsg-1.6+deb12u2
fixed
bookworm (security)
8:6.9.11.60+dfsg-1.6+deb12u1
fixed
trixie
8:6.9.13.12+dfsg1-1
fixed
sid
8:7.1.1.39+dfsg1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
imagemagick
noble
Fixed 8:6.9.10.23+dfsg-2.1ubuntu2
released
mantic
Fixed 8:6.9.10.23+dfsg-2.1ubuntu2
released
lunar
Fixed 8:6.9.10.23+dfsg-2.1ubuntu2
released
kinetic
Fixed 8:6.9.10.23+dfsg-2.1ubuntu2
released
jammy
Fixed 8:6.9.10.23+dfsg-2.1ubuntu2
released
focal
Fixed 8:6.9.10.23+dfsg-2.1ubuntu2
released
disco
Fixed 8:6.9.10.14+dfsg-7ubuntu2.2
released
cosmic
Fixed 8:6.9.10.8+dfsg-1ubuntu2.2
released
bionic
Fixed 8:6.9.7.4+dfsg-16ubuntu6.7
released
xenial
Fixed 8:6.8.9.9-7ubuntu5.14
released
trusty
Fixed 8:6.7.7.10-6ubuntu3.13+esm9
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html
https://github.com/ImageMagick/ImageMagick/issues/1546
https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
https://usn.ubuntu.com/4034-1/
https://www.debian.org/security/2020/dsa-4712
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html
https://github.com/ImageMagick/ImageMagick/issues/1546
https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
https://usn.ubuntu.com/4034-1/
https://www.debian.org/security/2020/dsa-4712