CVE-2019-9956 - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of c

CVE-2019-9956

Summary

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.

References

Vulnerable Configurations

cpe:2.3:a:imagemagick:imagemagick:7.0.8-35:q16:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.8-35:q16:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1801681
title	CVE-2019-16713 ImageMagick: memory leak in coders/dot.c

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment inkscape is earlier than 0:0.92.2-3.el7
oval oval:com.redhat.rhsa:tst:20201180001
comment inkscape is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152197358
AND
comment inkscape-docs is earlier than 0:0.92.2-3.el7
oval oval:com.redhat.rhsa:tst:20201180003
comment inkscape-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152197360
AND
comment inkscape-view is earlier than 0:0.92.2-3.el7
oval oval:com.redhat.rhsa:tst:20201180005
comment inkscape-view is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152197362
AND
comment autotrace is earlier than 0:0.31.1-38.el7
oval oval:com.redhat.rhsa:tst:20201180007
comment autotrace is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201180008

AND

comment autotrace-devel is earlier than 0:0.31.1-38.el7
oval oval:com.redhat.rhsa:tst:20201180009
comment autotrace-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201180010

AND
comment emacs is earlier than 1:24.3-23.el7
oval oval:com.redhat.rhsa:tst:20201180011
comment emacs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20172771002
AND
comment emacs-common is earlier than 1:24.3-23.el7
oval oval:com.redhat.rhsa:tst:20201180013
comment emacs-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20172771004
AND
comment emacs-el is earlier than 1:24.3-23.el7
oval oval:com.redhat.rhsa:tst:20201180015
comment emacs-el is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20172771006

AND

comment emacs-filesystem is earlier than 1:24.3-23.el7
oval oval:com.redhat.rhsa:tst:20201180017
comment emacs-filesystem is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20172771008

AND
comment emacs-nox is earlier than 1:24.3-23.el7
oval oval:com.redhat.rhsa:tst:20201180019
comment emacs-nox is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20172771010

AND

comment emacs-terminal is earlier than 1:24.3-23.el7
oval oval:com.redhat.rhsa:tst:20201180021
comment emacs-terminal is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20172771012

AND
comment ImageMagick is earlier than 0:6.9.10.68-3.el7
oval oval:com.redhat.rhsa:tst:20201180023
comment ImageMagick is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120544002

AND

comment ImageMagick-c++ is earlier than 0:6.9.10.68-3.el7
oval oval:com.redhat.rhsa:tst:20201180025
comment ImageMagick-c++ is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120544004

AND

comment ImageMagick-c++-devel is earlier than 0:6.9.10.68-3.el7
oval oval:com.redhat.rhsa:tst:20201180027
comment ImageMagick-c++-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120544006

AND

comment ImageMagick-devel is earlier than 0:6.9.10.68-3.el7
oval oval:com.redhat.rhsa:tst:20201180029
comment ImageMagick-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120544008

AND

comment ImageMagick-doc is earlier than 0:6.9.10.68-3.el7
oval oval:com.redhat.rhsa:tst:20201180031
comment ImageMagick-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120544010

AND

comment ImageMagick-perl is earlier than 0:6.9.10.68-3.el7
oval oval:com.redhat.rhsa:tst:20201180033
comment ImageMagick-perl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120544012

rhsa

id	RHSA-2020:1180
released	2020-03-31
severity	Moderate
title	RHSA-2020:1180: ImageMagick security, bug fix, and enhancement update (Moderate)

rpms

ImageMagick-0:6.9.10.68-3.el7
ImageMagick-c++-0:6.9.10.68-3.el7
ImageMagick-c++-devel-0:6.9.10.68-3.el7
ImageMagick-debuginfo-0:6.9.10.68-3.el7
ImageMagick-devel-0:6.9.10.68-3.el7
ImageMagick-doc-0:6.9.10.68-3.el7
ImageMagick-perl-0:6.9.10.68-3.el7
autotrace-0:0.31.1-38.el7
autotrace-debuginfo-0:0.31.1-38.el7
autotrace-devel-0:0.31.1-38.el7
emacs-1:24.3-23.el7
emacs-common-1:24.3-23.el7
emacs-debuginfo-1:24.3-23.el7
emacs-el-1:24.3-23.el7
emacs-filesystem-1:24.3-23.el7
emacs-nox-1:24.3-23.el7
emacs-terminal-1:24.3-23.el7
inkscape-0:0.92.2-3.el7
inkscape-debuginfo-0:0.92.2-3.el7
inkscape-docs-0:0.92.2-3.el7
inkscape-view-0:0.92.2-3.el7

refmap via4

bid	107546 107672
bugtraq	20190429 [SECURITY] [DSA 4436-1] imagemagick security update
debian	DSA-4436
misc	https://github.com/ImageMagick/ImageMagick/issues/1523
mlist	[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update
suse	openSUSE-SU-2019:1320 openSUSE-SU-2019:1331
ubuntu	USN-4034-1

Last major update

24-08-2020 - 17:37

Published

24-03-2019 - 00:29

Last modified

24-08-2020 - 17:37