Debian: DLA-1968-1 Critical: Imagemagick Denial of Service Issues

debian lts
October 21, 2019
The newest ImageMagick patch for Debian addresses multiple vulnerabilities that might lead to remote denial of service issues. Users should upgrade soon to maintain security.
Multiple vulnerabilities have been found in imagemagick, an image processing toolkit.

Summary

CVE-2019-11470

Uncontrolled resource consumption caused by insufficiently sanitized image
size in ReadCINImage (coders/cin.c). This vulnerability might be leveraged
by remote attackers to cause denial of service via a crafted Cineon image.

CVE-2019-14981

Divide-by-zero vulnerability in MeanShiftImage (magick/feature.c). This
vulnerability might be leveraged by remote attackers to cause denial of
service via crafted image data.

CVE-2019-15139

Out-of-bounds read in ReadXWDImage (coders/xwd.c). This vulnerability might
be leveraged by remote attackers to cause denial of service via a crafted
XWD (X Window System window dumping file) image file.

CVE-2019-15140

Bound checking issue in ReadMATImage (coders/mat.c), potentially leading to
use-after-free. This vulnerability might be leveraged by remote attackers to
cause denial of service or any other unspecified impact via a crafted MAT
image file.

For Debian 8 "Jessie", these problems have been fixed in version


Severity: critical

Package: imagemagick
Version: 8:6.8.9.9-5+deb8u18
CVE ID: CVE-2019-11470 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140
