Lucene search

[email protected]CVE-2019-11009

HistoryApr 08, 2019 - 7:29 p.m.

CVE-2019-11009

2019-04-0819:29:00

CWE-125

[email protected]

web.nvd.nist.gov

149

graphicsmagick

cve-2019-11009

heap-based buffer over-read

readxwdimage

denial of service

information disclosure

nvd

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

72.4%

JSON

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.

CPENameOperatorVersion
graphicsmagick:graphicsmagickgraphicsmagickle1.3.31
opensuse:leapopensuse leapeq42.3
opensuse:leapopensuse leapeq15.0
debian:debian_linuxdebian debian linuxeq8.0

CPE	Name	Operator	Version
graphicsmagick:graphicsmagick	graphicsmagick	le	1.3.31
opensuse:leap	opensuse leap	eq	42.3
opensuse:leap	opensuse leap	eq	15.0
debian:debian_linux	debian debian linux	eq	8.0