Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2019-13300

Public on 2019-07-05
Modified on 2020-10-22
Description

A heap-based buffer overflow was discovered in ImageMagick in the way it applies a value with arithmetic, relational, or logical operators to an image due to mishandling columns. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence option or function EvaluateImages may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code.

Severity
Medium
See what this means
CVSS v3 Base Score
8.8
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 ImageMagick 2024-03-13 19:46 ALAS-2024-1926
Amazon Linux 2 - Core ImageMagick 2020-10-22 17:05 ALAS2-2020-1497
Amazon Linux 2 - Core ImageMagick 2024-01-19 01:51 ALAS2-2024-2432
Amazon Linux 1 php-pecl-imagick 2020-06-23 07:03 ALAS-2020-1391
Amazon Linux 1 php54-pecl-imagick 2023-08-21 12:14 ALAS-2023-1810
Amazon Linux 1 php55-pecl-imagick 2023-08-21 12:14 ALAS-2023-1812
Amazon Linux 1 php56-pecl-imagick 2023-08-21 12:14 ALAS-2023-1811
Amazon Linux 1 php70-pecl-imagick 2023-08-21 12:14 ALAS-2023-1813
Amazon Linux 1 php71-pecl-imagick 2023-08-21 12:14 ALAS-2023-1814
Amazon Linux 1 php72-pecl-imagick 2023-08-21 12:14 ALAS-2023-1815

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD CVSSv3 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H