CVE-2019-11472

Name
CVE-2019-11472
Description
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4
Exploit https://github.com/ImageMagick/ImageMagick/issues/1546
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html
UBUNTU https://usn.ubuntu.com/4034-1/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html
DEBIAN https://www.debian.org/security/2020/dsa-4712
MLIST https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:imagemagick:imagemagick:7.0.8-41:q16:*:*:*:*:*:* imagemagick == None == 7.0.8-41

Vulnerable and fixed packages

Source package Branch Version Maintainer Status