Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2019-12975

Public on 2019-06-26
Modified on 2020-10-22
Description

It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the WriteDPXImage() function. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory.

Severity
Low
See what this means
CVSS v3 Base Score
5.3
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 ImageMagick 2024-03-13 19:46 ALAS-2024-1926
Amazon Linux 2 - Core ImageMagick 2020-10-22 17:05 ALAS2-2020-1497
Amazon Linux 2 - Core ImageMagick 2024-01-19 01:51 ALAS2-2024-2432
Amazon Linux 1 php-pecl-imagick 2020-06-23 07:03 ALAS-2020-1391
Amazon Linux 1 php54-pecl-imagick 2023-08-21 12:14 ALAS-2023-1810
Amazon Linux 1 php55-pecl-imagick 2023-08-21 12:14 ALAS-2023-1812
Amazon Linux 1 php56-pecl-imagick 2023-08-21 12:14 ALAS-2023-1811
Amazon Linux 1 php70-pecl-imagick 2023-08-21 12:14 ALAS-2023-1813
Amazon Linux 1 php71-pecl-imagick 2023-08-21 12:14 ALAS-2023-1814
Amazon Linux 1 php72-pecl-imagick 2023-08-21 12:14 ALAS-2023-1815

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P
NVD CVSSv3 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H