Division by zero in imagemagick6 (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-13454 |
| CWE-ID | CWE-369 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
imagemagick6 (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Division by zero
EUVDB-ID: #VU19185
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2019-13454
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause a denial of service (DoS) condition on a system.
The vulnerability exists due to a divide-by-zero condition in the "RemoveDuplicateLayers" function, as defined in the "MagickCore/layer.c" file. A remote attacker can make calls on the targeted system and cause a DoS condition.
Install update from vendor's website.
Vulnerable software versionsimagemagick6 (Alpine package): 6.9.10.39-r0 - 6.9.10.55-r0
CPE2.3- cpe:2.3:a:alpine:imagemagick6_alpine_package:6.9.10.39-r0:*:*:*:*:alpine_linux:*:3.6
- cpe:2.3:a:alpine:imagemagick6_alpine_package:6.9.10.44-r0:*:*:*:*:alpine_linux:*:3.7
- cpe:2.3:a:alpine:imagemagick6_alpine_package:6.9.10.47-r0:*:*:*:*:alpine_linux:*:3.7
https://git.alpinelinux.org/aports/commit/?id=fa08d969d9ea76754832607a9d67a116fb77088e
https://git.alpinelinux.org/aports/commit/?id=a19f810872972ce57a3fd3bf4ef1f9ec5eac78bc
https://git.alpinelinux.org/aports/commit/?id=530a544685f085941dfc43575144a1aa5090a3e4
https://git.alpinelinux.org/aports/commit/?id=d46d1b3369612e10a726fb1b6658764a7ff08fc9
https://git.alpinelinux.org/aports/commit/?id=6a183d66c7dc3dca62a642c621c62bc6455f8b87
https://git.alpinelinux.org/aports/commit/?id=8a0a53d2ab69a2e8892826f9443e0ad20d53e4df
https://git.alpinelinux.org/aports/commit/?id=3cecfd2d2af53b9be6d7e3af4cc8490b54556a1f
https://git.alpinelinux.org/aports/commit/?id=4f797cc6b00076db68e8bc9f0995e8181659d243
https://git.alpinelinux.org/aports/commit/?id=e2c99a977c70ec025f2ce7b2e89c227d7fed9ed7
https://git.alpinelinux.org/aports/commit/?id=0f7ecd696d28f3be16555aca8525bf57ed8a0669
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
