CVE-2019-13391MEDIUM
Description
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
References
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html
https://github.com/ImageMagick/ImageMagick/commit/7c2c5ba5b8e3a0b2b82f56c71dfab74ed4006df7
https://github.com/ImageMagick/ImageMagick/issues/1588
https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
Details
Source: MITRE
Published: 2019-07-07
Updated: 2020-09-08
Type: CWE-125
Risk Information
CVSS v2.0
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 142319 | EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2020-2349) | Nessus | Huawei Local Security Checks | medium |
| 140857 | EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-2090) | Nessus | Huawei Local Security Checks | medium |
| 140297 | Debian DLA-2366-1 : imagemagick security update | Nessus | Debian Local Security Checks | high |
| 139136 | EulerOS 2.0 SP8 : ImageMagick (EulerOS-SA-2020-1806) | Nessus | Huawei Local Security Checks | medium |
| 131072 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : ImageMagick vulnerabilities (USN-4192-1) | Nessus | Ubuntu Local Security Checks | medium |
| 128070 | openSUSE Security Update : ImageMagick (openSUSE-2019-1983) | Nessus | SuSE Local Security Checks | medium |
| 127790 | SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2019:2106-1) | Nessus | SuSE Local Security Checks | medium |
| 127750 | SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2019:2010-1) | Nessus | SuSE Local Security Checks | medium |