Fluid Attacks Database

Description

ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	inkscape	<0:0.92.2-3.el7	0:0.92.2-3.el7
rpm rhel7	ImageMagick	<0:6.9.10.68-3.el7	0:6.9.10.68-3.el7
rpm rhel7	emacs	<1:24.3-23.el7	1:24.3-23.el7
rpm rhel7	autotrace	<0:0.31.1-38.el7	0:0.31.1-38.el7
rpm rhel5	ImageMagick	-	-
rpm rhel6	ImageMagick	-	-

Aliases

1. CVE-2019-175412. NVD-2019-175413. OSV-2019-17541

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.