Candidate: CVE-2019-19952
PublicDate: 2019-12-24 01:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19952
Description:
 In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function
 MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/ImageMagick/ImageMagick/issues/1791
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_imagemagick:
 upstream: https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c (7.x)
 upstream: https://github.com/ImageMagick/ImageMagick6/commit/7ef923841437bb57bd9b55fc0bf40ddc99b93c2b (6.x)
upstream_imagemagick: needs-triage
precise/esm_imagemagick: DNE
trusty_imagemagick: ignored (out of standard support)
trusty/esm_imagemagick: DNE
xenial_imagemagick: not-affected (code not present)
esm-infra/xenial_imagemagick: not-affected (code not present)
bionic_imagemagick: not-affected (code not present)
disco_imagemagick: ignored (reached end-of-life)
eoan_imagemagick: ignored (reached end-of-life)
focal_imagemagick: not-affected (code not present)
groovy_imagemagick: not-affected (code not present)
devel_imagemagick: not-affected (code not present)