CVE-2019-11506
Debian Security Advisory 4640-1
Public Exploits: 1
Exploited in Wild: -
Descriptions
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed.
SSVC
- Decision: -
Timeline
- 2019-04-24 CVE Reserved
- 2019-04-24 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
References (10)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html | Mailing List | |

URL | Date | SRC |
---|---|---|
https://sourceforge.net/p/graphicsmagick/bugs/604 | 2024-08-04 | |

URL | Date | SRC |
---|---|---|
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a | 2023-03-01 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Graphicsmagick | Graphicsmagick | 1.3.30 | - | Affected |
Graphicsmagick | Graphicsmagick | 1.3.31 | - | Affected |
Debian | Debian Linux | 8.0 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |
Opensuse | Backports Sle | 15.0 | - | Affected |
Opensuse | Leap | 15.0 | - | Affected |
Opensuse | Leap | 15.1 | - | Affected |
Opensuse | Leap | 42.3 | - | Affected |