A vulnerability classified as critical has been found in ImageMagick 7.0.8-41 Q16 (Image Processing Software). Affected is the function ReadXWDImage of the file coders/xwd.c of the component XWD Image Parser. The manipulation as part of a XWD Image File leads to a out-of-bounds vulnerability. CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.

The weakness was disclosed 08/18/2019 (Website). The advisory is shared for download at debian.org. This vulnerability is traded as CVE-2019-15139 since 08/18/2019. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Successful exploitation requires user interaction by the victim. There are known technical details, but no exploit is available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries 139835 and 140293 are pretty similar.

Productinfo

Type

• Image Processing Software

Name

• ImageMagick

Version

• 7.0.8-41 Q16

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion