Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-15140

Опубликовано: 18 авг. 2019
Источник: debian

Описание

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
imagemagickfixed8:6.9.11.24+dfsg-1package

Примечания

  • https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0

  • ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010

  • followup, previous patch introduced compiler warnings

  • https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010

  • https://github.com/ImageMagick/ImageMagick/issues/1554

Связанные уязвимости

ubuntu логотип

CVE-2019-15140

CVSS3: 8.8
ubuntu
почти 6 лет назад

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.

redhat логотип

CVE-2019-15140

CVSS3: 7.8
redhat
около 6 лет назад

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.

nvd логотип

CVE-2019-15140

CVSS3: 8.8
nvd
почти 6 лет назад

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.

github логотип

GHSA-fm7h-6q8j-c522

github
около 3 лет назад

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.

fstec логотип

BDU:2020-01711

CVSS3: 8.8
fstec
почти 6 лет назад

Уязвимость функции coders/mat.c службы ImageMagick консольного графического редактора ImageMagick, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании