1. CVE-Search
  2. CVE-2019-12974
ID CVE-2019-12974
Summary A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
References
Vulnerable Configurations
  • cpe:2.3:a:imagemagick:imagemagick:7.0.8-34:*:*:*:*:*:*:*
    cpe:2.3:a:imagemagick:imagemagick:7.0.8-34:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 19-08-2020 - 02:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • ImageMagick-0:6.9.10.68-3.el7
  • ImageMagick-c++-0:6.9.10.68-3.el7
  • ImageMagick-c++-devel-0:6.9.10.68-3.el7
  • ImageMagick-debuginfo-0:6.9.10.68-3.el7
  • ImageMagick-devel-0:6.9.10.68-3.el7
  • ImageMagick-doc-0:6.9.10.68-3.el7
  • ImageMagick-perl-0:6.9.10.68-3.el7
  • autotrace-0:0.31.1-38.el7
  • autotrace-debuginfo-0:0.31.1-38.el7
  • autotrace-devel-0:0.31.1-38.el7
  • emacs-1:24.3-23.el7
  • emacs-common-1:24.3-23.el7
  • emacs-debuginfo-1:24.3-23.el7
  • emacs-el-1:24.3-23.el7
  • emacs-filesystem-1:24.3-23.el7
  • emacs-nox-1:24.3-23.el7
  • emacs-terminal-1:24.3-23.el7
  • inkscape-0:0.92.2-3.el7
  • inkscape-debuginfo-0:0.92.2-3.el7
  • inkscape-docs-0:0.92.2-3.el7
  • inkscape-view-0:0.92.2-3.el7
refmap via4
bid 108913
debian DSA-4712
misc https://github.com/ImageMagick/ImageMagick/issues/1515
mlist
  • [debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update
  • [debian-lts-announce] 20200818 [SECURITY] [DLA 2333-1] imagemagick security update
suse openSUSE-SU-2019:1983
ubuntu USN-4192-1
Last major update 19-08-2020 - 02:15
Published 26-06-2019 - 18:15
Last modified 19-08-2020 - 02:15
Back to Top