CVE-2019-14980

Name
CVE-2019-14980
Description
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use-after-free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| Third Party Advisory | https://github.com/ImageMagick/ImageMagick6/issues/43 |
| Patch | https://github.com/ImageMagick/ImageMagick/commit/c5d012a46ae22be9444326aa37969a3f75daa3ba |
| Third Party Advisory | https://github.com/ImageMagick/ImageMagick/compare/7.0.8-41...7.0.8-42 |
| Patch | https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830 |
| SUSE | http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html |
| SUSE | http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* | imagemagick | >= 7.0.0-0 | < 7.0.8-42 |
| cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* | imagemagick | >= 6.0 | < 6.9.10-42 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |