CVE-2019-19949

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
imagemagickimagemagick
6.9.9-33 ≤
𝑥
< 6.9.10-43
imagemagickimagemagick
7.0.7-23 ≤
𝑥
< 7.0.8-43
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
canonicalubuntu_linux
20.04
opensuseleap
15.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bullseye
8:6.9.11.60+dfsg-1.3+deb11u4
fixed
bullseye (security)
8:6.9.11.60+dfsg-1.3+deb11u3
fixed
bookworm
8:6.9.11.60+dfsg-1.6+deb12u2
fixed
bookworm (security)
8:6.9.11.60+dfsg-1.6+deb12u1
fixed
trixie
8:6.9.13.12+dfsg1-1
fixed
sid
8:7.1.1.39+dfsg1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
imagemagick
noble
Fixed 8:6.9.10.23+dfsg-2.1ubuntu15
released
mantic
Fixed 8:6.9.10.23+dfsg-2.1ubuntu15
released
lunar
Fixed 8:6.9.10.23+dfsg-2.1ubuntu15
released
kinetic
Fixed 8:6.9.10.23+dfsg-2.1ubuntu15
released
jammy
Fixed 8:6.9.10.23+dfsg-2.1ubuntu15
released
groovy
Fixed 8:6.9.10.23+dfsg-2.1ubuntu13.1
released
focal
Fixed 8:6.9.10.23+dfsg-2.1ubuntu11.1
released
eoan
ignored
disco
ignored
bionic
Fixed 8:6.9.7.4+dfsg-16ubuntu6.9
released
xenial
Fixed 8:6.8.9.9-7ubuntu5.16
released
trusty
needed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html
https://github.com/ImageMagick/ImageMagick/issues/1561
https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
https://usn.ubuntu.com/4549-1/
https://www.debian.org/security/2020/dsa-4712
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html
https://github.com/ImageMagick/ImageMagick/issues/1561
https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
https://usn.ubuntu.com/4549-1/
https://www.debian.org/security/2020/dsa-4712