CVE-2019-14981

Published: 12 August 2019

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
imagemagick Launchpad, Ubuntu, Debian	Upstream	Needs triage




	Ubuntu 18.04 LTS (Bionic Beaver)	Released (8:6.9.7.4+dfsg-16ubuntu6.8)
	Ubuntu 16.04 ESM (Xenial Xerus)	Released (8:6.8.9.9-7ubuntu5.15)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
	Patches: Upstream: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14981
https://ubuntu.com/security/notices/USN-4192-1
NVD
Launchpad
Debian

Bugs

https://github.com/ImageMagick/ImageMagick/issues/1552

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›