CVE-2019-13136 - OpenCVE

ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Imagemagick	Imagemagick

Configuration 1 [-]

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html
https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891	Patch Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/1602	Exploit Third Party Advisory
https://support.f5.com/csp/article/K03512441?utm_source=f5support&amp%3Butm_medium=RSS

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-01T19:27:46

Updated: 2019-10-11T04:06:01

Reserved: 2019-07-01T00:00:00

Link: CVE-2019-13136

JSON object: View

NVD Information

Status : Modified

Published: 2019-07-01T20:15:11.417

Modified: 2023-11-07T03:03:47.343

Link: CVE-2019-13136

JSON object: View

Redhat Information

No data.

CWE

CWE-190

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-11T04:06:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/issues/1602"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891"}, {"name": "openSUSE-SU-2019:1983", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K03512441?utm_source=f5support&amp%3Butm_medium=RSS"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13136", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ImageMagick/ImageMagick/issues/1602", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1602"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891"}, {"name": "openSUSE-SU-2019:1983", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html"}, {"name": "https://support.f5.com/csp/article/K03512441?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K03512441?utm_source=f5support&utm_medium=RSS"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13136", "datePublished": "2019-07-01T19:27:46", "dateReserved": "2019-07-01T00:00:00", "dateUpdated": "2019-10-11T04:06:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "024CF82C-BA9A-441D-80DD-BDA9FEC819A7", "versionEndExcluding": "7.0.8-50", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c."}, {"lang": "es", "value": "ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de desbordamiento de enteros en la funci\u00f3n TIFFSeekCustomStream in coders/tiff.c."}], "id": "CVE-2019-13136", "lastModified": "2023-11-07T03:03:47.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-01T20:15:11.417", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/issues/1602"}, {"source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K03512441?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}