CVE-2019-13303

Related Vulnerabilities: CVE-2019-13303  

Impact: Important Public Date: 2019-07-16 CWE: CWE-125 Bugzilla: 1730368: CVE-2019-13303 ImageMagick: heap-based buffer over-read in MagickCore/composite.c in CompositeImage ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.

The MITRE CVE dictionary describes this issue as:

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.

Find out more about CVE-2019-13303 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 8.8
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 ImageMagick Under investigation
Red Hat Enterprise Linux 6 ImageMagick Under investigation
Red Hat Enterprise Linux 5 ImageMagick Under investigation