Design/Logic Flaw

🗓️ 30 Apr 2019 19:29:00Reported by PRIOn knowledge baseType

A security flaw in ImageMagick 7.0.7-28 allows local attackers to exploit an off-by-one read vulnerability in the formatIPTCfromBuffer function, potentially leading to buffer over-read or program crash

Reporter	Title	Published	Views	Family All 138
FreeBSD	ImageMagick -- multiple vulnerabilities	7 Mar 201900:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	13 Aug 202122:15	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript.	21 Feb 202204:39	–	ibm
Tenable Nessus	Amazon Linux 2 : ImageMagick (ALAS-2020-1497)	28 Oct 202000:00	–	nessus
Tenable Nessus	Amazon Linux 2 : ImageMagick (ALAS-2024-2432)	23 Jan 202400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php-pecl-imagick (ALAS-2020-1391)	20 Jul 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php54-pecl-imagick (ALAS-2023-1810)	23 Aug 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php56-pecl-imagick (ALAS-2023-1811)	23 Aug 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php55-pecl-imagick (ALAS-2023-1812)	23 Aug 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php70-pecl-imagick (ALAS-2023-1813)	23 Aug 202300:00	–	nessus

Source	Link
github	www.github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
securityfocus	www.securityfocus.com/bid/108117
lists	www.lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html
usn	www.usn.ubuntu.com/4034-1/
lists	www.lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html
lists	www.lists.debian.org/debian-lts-announce/2020/08/msg00030.html

28 Oct 2021 12:20Current

7.7High risk

Vulners AI Score7.7

EPSS0.00134