PublicDateAtUSN: 2019-04-30
Candidate: CVE-2019-10131
PublicDate: 2019-04-30 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10131
 https://ubuntu.com/security/notices/USN-4034-1
Description:
 An off-by-one read vulnerability was discovered in ImageMagick before
 version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A
 local attacker may use this flaw to read beyond the end of the buffer or
 to crash the program.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1704762
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H [7.1 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H [7.1 HIGH]

Patches_imagemagick:
 upstream: https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
 upstream: https://github.com/ImageMagick/ImageMagick6/commit/7ccc28ee4c777d915f95919ac3bcf8adf93037a7
upstream_imagemagick: released (8:6.9.10.2+dfsg-2)
precise/esm_imagemagick: DNE
trusty/esm_imagemagick: DNE
xenial_imagemagick: released (8:6.8.9.9-7ubuntu5.14)
esm-infra/xenial_imagemagick: released (8:6.8.9.9-7ubuntu5.14)
bionic_imagemagick: released (8:6.9.7.4+dfsg-16ubuntu6.7)
cosmic_imagemagick: not-affected (8:6.9.10.8+dfsg-1ubuntu2)
disco_imagemagick: not-affected
devel_imagemagick: not-affected