ImageMagick is prone to multiple security vulnerabilities.
Successfully exploiting these issues may allow an attacker to gain access to sensitive information, bypass certain security restrictions and to perform unauthorized actions or cause a denial-of-service condition. This may aid in launching further attacks. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
ImageMagick version 7.0.8-34 is vulnerable; other versions may also be affected.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
| Bugtraq ID: | 108913 |
| Class: | Unknown |
| CVE: | CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12979 CVE-2019-12977 CVE-2019-12978 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 26 2019 12:00AM |
| Updated: | Jun 26 2019 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | ImageMagick ImageMagick 7.0.8-34 |
| Not Vulnerable: | |
References:
- ImageMagick Homepage (ImageMagick)
- Memory leak in function ReadPCLImage #1520 (ImageMagick)
- Null pointer deference in function ReadPANGOImage in coders/pango.c #1515 (ImageMagick)
- Possible but rare memory leak in function WriteDPXImage #1517 (ImageMagick)
- Use-of-uninitialized-value in function ReadPANGOImage #1519 (ImageMagick)
- Use-of-uninitialized-value in function SyncImageSettings. #1522 (ImageMagick)
- Use-of-uninitialized-value in function WriteJP2Image #1518 (ImageMagick)
from SecurityFocus Vulnerabilities https://ift.tt/2ISKu6P
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.