CVE-2019-10714

Published: 02 April 2019

LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
Patches:
Upstream: https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36
Upstream: https://github.com/ImageMagick/ImageMagick/commit/58d9c46929ca0828edde34d263700c3a5fe8dc3c
Upstream: https://github.com/ImageMagick/ImageMagick/commit/edc7d3035883ddca8413e4fe7689aa2e579ef04a
Upstream: https://github.com/ImageMagick/ImageMagick6/commit/aa6a769bd85f6750c26e53e53dcd8a2678745501