K20336394 : ImageMagick vulnerability CVE-2019-13135

2019-10-0800:00:00

my.f5.com

6.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Security Advisory Description

ImageMagick before 7.0.8-50 has a “use of uninitialized value” vulnerability in the function ReadCUTImage in coders/cut.c. (CVE-2019-13135)

Impact

BIG-IP (AAM, Edge Gateway, and WebAccelerator)

This issue affects BIG-IP systems only when WAM or AAM is provisioned. If exploited, this vulnerability may result in an information leak.

BIG-IP (LTM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM), BIG-IQ Centralized Management, Enterprise Manager, F5 iWorkflow, and Traffix SDC

There is no impact; these F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-ip afmeq11.5.10
big-ip afmeq11.5.2
big-ip afmeq11.5.3

Name	Operator	Version
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3