CVE-2019-13454

Опубликовано: 09 июл. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/109099
Third Party Advisory
VDB Entry
https://github.com/ImageMagick/ImageMagick/blob/7.0.1-0/MagickCore/layer.c#L1618
Product
https://github.com/ImageMagick/ImageMagick/commit/1ddcf2e4f28029a888cadef2e757509ef5047ad8
Patch
Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/1629
Exploit
Third Party Advisory
https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4192-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4712
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/109099
Third Party Advisory
VDB Entry
https://github.com/ImageMagick/ImageMagick/commit/1ddcf2e4f28029a888cadef2e757509ef5047ad8
Patch
Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/1629
Exploit
Third Party Advisory
https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4192-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4712
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия от 7.0.1-0 (включая) до 7.0.8-54 (включая)

cpe:2.3:a:imagemagick:imagemagick:7.0.8-54:q16:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00312

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369

Связанные уязвимости

CVE-2019-13454

CVSS3: 6.5

ubuntu

около 6 лет назад

ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.

CVE-2019-13454

CVSS3: 3.3

redhat

около 6 лет назад

ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.

CVE-2019-13454

CVSS3: 6.5

debian

около 6 лет назад

ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveD ...

GHSA-56w7-9rqr-p4fc

CVSS3: 6.5

github

около 3 лет назад

ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.

BDU:2020-02765

CVSS3: 6.5

fstec

около 6 лет назад

Уязвимость компонента MagickCore/layer.c консольного графического редактора ImageMagick, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 54%

0.00312

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369