Lucene search

[email protected]CVE-2019-11474

HistoryApr 23, 2019 - 2:29 p.m.

CVE-2019-11474

2019-04-2314:29:01

CWE-682

CWE-787

[email protected]

web.nvd.nist.gov

141

graphicsmagick

cve-2019-11474

denial of service

xwd image file

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%

JSON

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

Affected configurations

NVD

Node

graphicsmagickgraphicsmagickMatch1.3.31

Node

fedoraprojectfedoraMatch29

fedoraprojectfedoraMatch30

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

canonicalubuntu_linuxMatch18.04lts

Node

opensusebackports_sleMatch15.0-

opensuseleapMatch15.0

opensuseleapMatch42.3

CPENameOperatorVersion
graphicsmagick:graphicsmagickgraphicsmagickeq1.3.31

CPE	Name	Operator	Version
graphicsmagick:graphicsmagick	graphicsmagick	eq	1.3.31

References

hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd

hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8

lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html

www.graphicsmagick.org/Changelog.html

www.securityfocus.com/bid/108055

lists.debian.org/debian-lts-announce/2019/05/msg00027.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/

usn.ubuntu.com/4207-1/

www.debian.org/security/2020/dsa-4640

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%

JSON

Related for CVE-2019-11474

cvelist4 alpinelinux2 prion4 debiancve4 ubuntucve4 nvd4 openvas14 nessus13 suse7 redhatcve1 cve3 mageia2 debian3 osv2 ubuntu1 fedora2