Main Vulnerability Database SB2019101421

SB2019101421 - Use-after-free in ImageMagick ImageMagick

Published: October 14, 2019 Updated: July 17, 2020

Security Bulletin ID SB2019101421

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2019-17547)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.

Install update from vendor's website.