Fluid Attacks Database

Description

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	emacs	<1:24.3-23.el7	1:24.3-23.el7
rpm rhel7	autotrace	<0:0.31.1-38.el7	0:0.31.1-38.el7
rpm rhel7	ImageMagick	<0:6.9.10.68-3.el7	0:6.9.10.68-3.el7
rpm rhel7	inkscape	<0:0.92.2-3.el7	0:0.92.2-3.el7
rpm rhel6	ImageMagick	-	-
rpm rhel5	ImageMagick	-	-

Aliases

1. CVE-2019-149802. NVD-2019-149803. OSV-2019-14980

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.