Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2019-13307

Published: 05/07/2019 Updated: 23/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Imagemagick

Vulnerability Summary

It exists that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

imagemagick imagemagick 7.0.8-50

debian debian linux 9.0

debian debian linux 10.0

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 19.10

canonical ubuntu linux 16.04

opensuse leap 15.0

opensuse leap 15.1

Vendor Advisories

Red Hat: Moderate: ImageMagick security, bug fix, and enhancement update
Synopsis Moderate: ImageMagick security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for ImageMagick, autotrace, emacs, and inkscape is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Mod ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2019-13307
Debian Bug report logs - #931448 imagemagick: CVE-2019-13307 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 5 Jul 2019 09:51:01 UTC Severity: important Tags: securit ...
Ubuntu Security Notice: imagemagick vulnerabilities
Several security issues were fixed in ImageMagick ...
Debian Security Advisories: DSA-4715-1 imagemagick -- security update
This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed For the oldstable distribution (stretch), these problems have been f ...
Debian Security Advisories: DSA-4712-1 imagemagick -- security update
This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed For the stable distribution (buster), these problems have been fixed ...
Amazon Linux 2: ALAS2-2020-1497
ImageMagick 707-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/ddsc, which allows attackers to cause a denial of service (CVE-2017-1000476) The ReadXWDImage function in coders\xwdc in ImageMagick 705-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of colo ...
Red Hat: CVE-2019-13307
Impact: Important Public Date: 2019-07-16 CWE: CWE-119 Bugzilla: 1730351: CVE-2019-13307 ImageMagick: I ...
Amazon Linux AMI: ALAS-2023-1811
ImageMagick 707-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/ddsc, which allows attackers to cause a denial of service (CVE-2017-1000476) The ReadXWDImage function in coders\xwdc in ImageMagick 705-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of colo ...
Amazon Linux AMI: ALAS-2023-1810
ImageMagick 707-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/ddsc, which allows attackers to cause a denial of service (CVE-2017-1000476) The ReadXWDImage function in coders\xwdc in ImageMagick 705-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of colo ...
Amazon Linux AMI: ALAS-2020-1391
An issue was discovered in ImageMagick 707 A memory leak vulnerability was found in the function WriteGIFImage in coders/gifc, which allow remote attackers to cause a denial of service via a crafted file (CVE-2017-18254) An issue was discovered in ImageMagick 707 The MogrifyImageList function in MagickWand/mogrifyc allows attackers to caus ...
Amazon Linux AMI: ALAS-2023-1815
ImageMagick 707-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/ddsc, which allows attackers to cause a denial of service (CVE-2017-1000476) The ReadXWDImage function in coders\xwdc in ImageMagick 705-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of colo ...
Amazon Linux AMI: ALAS-2023-1814
ImageMagick 707-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/ddsc, which allows attackers to cause a denial of service (CVE-2017-1000476) The ReadXWDImage function in coders\xwdc in ImageMagick 705-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of colo ...
Amazon Linux AMI: ALAS-2023-1813
ImageMagick 707-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/ddsc, which allows attackers to cause a denial of service (CVE-2017-1000476) The ReadXWDImage function in coders\xwdc in ImageMagick 705-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of colo ...
Amazon Linux AMI: ALAS-2023-1812
ImageMagick 707-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/ddsc, which allows attackers to cause a denial of service (CVE-2017-1000476) The ReadXWDImage function in coders\xwdc in ImageMagick 705-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of colo ...
Amazon Linux AMI: ALAS-2024-1926
Integer overflow in MagickCore/profilec in ImageMagick before 702-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable (CVE-2016-5841) ImageMagick 707-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/ddsc, ...

References

CWE-787https://github.com/ImageMagick/ImageMagick/commit/025e77fcb2f45b21689931ba3bf74eac153afa48https://github.com/ImageMagick/ImageMagick/issues/1615https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fehttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.htmlhttps://usn.ubuntu.com/4192-1/https://www.debian.org/security/2020/dsa-4712https://www.debian.org/security/2020/dsa-4715https://access.redhat.com/errata/RHSA-2020:1180https://usn.ubuntu.com/4192-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook