Fluid Attacks Database

Description

WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	ImageMagick	<0:6.9.10.68-3.el7	0:6.9.10.68-3.el7
rpm rhel5	ImageMagick	-	-
rpm rhel6	ImageMagick	-	-
rpm rhel7	emacs	<1:24.3-23.el7	1:24.3-23.el7
rpm rhel7	autotrace	<0:0.31.1-38.el7	0:0.31.1-38.el7
rpm rhel7	inkscape	<0:0.92.2-3.el7	0:0.92.2-3.el7

Aliases

1. CVE-2019-151412. NVD-2019-151413. OSV-2019-15141

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.