Lucene search

PRIOn knowledge basePRION:CVE-2019-14980

HistoryAug 12, 2019 - 11:15 p.m.

Double free

2019-08-1223:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.

CPENameOperatorVersion
imagemagickge6.0
imagemagicklt6.9.10
imagemagickeq>= 7.0.00 AND < 7.0.842
leapeq15.0
leapeq15.1

Name	Operator	Version
imagemagick	ge	6.0
imagemagick	lt	6.9.10
imagemagick	eq	>= 7.0.00 AND < 7.0.842
leap	eq	15.0
leap	eq	15.1

References

lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html

lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html

github.com/ImageMagick/ImageMagick/commit/c5d012a46ae22be9444326aa37969a3f75daa3ba

github.com/ImageMagick/ImageMagick/compare/7.0.8-41...7.0.8-42

github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830

github.com/ImageMagick/ImageMagick6/issues/43