CVE-2019-15139

Published: 18 August 2019

The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial of service (application crash resulting from an out-of-bounds read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file. This is a different vulnerability than CVE-2019-11472.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: imagemagick
Upstream: Needs triage
Ubuntu 20.04 LTS (Focal Fossa): Released (8:6.9.10.23+dfsg-2.1ubuntu9)
Ubuntu 18.04 LTS (Bionic Beaver): Released (8:6.9.7.4+dfsg-16ubuntu6.8)
Ubuntu 16.04 LTS (Xenial Xerus): Released (8:6.8.9.9-7ubuntu5.15)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Upstream: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
Upstream: https://github.com/ImageMagick/ImageMagick6/commit/e295b8193a1413a39d5c0b3e18fa7ca952c35cdf