Main Vulnerability Database SB2020011808

SB2020011808 - Out-of-bounds read in imagemagick6 (Alpine package)

Published: January 18, 2020

Security Bulletin ID SB2020011808

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2019-19949)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due missing length check prior pointer dereference in the "WritePNGImage" function of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. A remote attacker can cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=fa08d969d9ea76754832607a9d67a116fb77088e
https://git.alpinelinux.org/aports/commit/?id=513073b4035b5fd7a7cd0a3b9b8e3b85bee244bf