Main Vulnerability Database Vulnerabilities #VU20299

#VU20299 Division by zero in ImageMagick - CVE-2019-14981

Published: August 19, 2019

Vulnerability identifier: #VU20299

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-14981

CWE-ID: CWE-369

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ImageMagick

Software vendor:
ImageMagick.org

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to division by zero error when processing untrusted input in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. A remote attacker can perform denial of service attack.

Remediation

Install update from vendor's website.

External links

https://github.com/ImageMagick/ImageMagick/commit/a77d8d97f5a7bced0468f0b08798c83fb67427bc
https://github.com/ImageMagick/ImageMagick/issues/1552
https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256

#VU20299 Division by zero in ImageMagick - CVE-2019-14981

Description

Remediation

External links

Please verify you're human