CVE-2019-11505

Опубликовано: 24 апр. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

Ссылки

http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
Patch
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/108063
Broken Link
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html
Third Party Advisory
https://sourceforge.net/p/graphicsmagick/bugs/605/
Exploit
Third Party Advisory
https://usn.ubuntu.com/4207-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4640
Third Party Advisory
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
Patch
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/108063
Broken Link
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html
Third Party Advisory
https://sourceforge.net/p/graphicsmagick/bugs/605/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*

Версия от 1.3.8 (включая) до 1.3.31 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01266

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2019-11505

CVSS3: 8.8

ubuntu

почти 7 лет назад

CVE-2019-11505

CVSS3: 8.8

debian

почти 7 лет назад

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, ther ...

GHSA-qhr4-cgf5-cv23

CVSS3: 8.8

github

больше 3 лет назад

BDU:2020-01869

CVSS3: 8.8

fstec

почти 7 лет назад

Уязвимость функции WritePDBImage графического редактора GraphicsMagick, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

openSUSE-SU-2019:1603-1

suse-cvrf

больше 6 лет назад

Security update for ImageMagick

EPSS

Процентиль: 79%

0.01266

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787