In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P
Vendors Products
Debian
  • Debian Linux
Canonical
  • Ubuntu Linux
Opensuse
  • Leap
Imagemagick
  • Imagemagick

Configuration 1 [-]

OR cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html Mailing List Third Party Advisory
https://github.com/ImageMagick/ImageMagick/commit/a77d8d97f5a7bced0468f0b08798c83fb67427bc Patch Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/1552 Patch Third Party Advisory
https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256 Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00028.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html Mailing List Third Party Advisory
https://usn.ubuntu.com/4192-1/ Third Party Advisory
https://www.debian.org/security/2020/dsa-4712 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-12T22:06:50

Updated: 2020-08-19T01:06:18

Reserved: 2019-08-12T00:00:00

Link: CVE-2019-14981

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2019-08-12T23:15:11.600

Modified: 2020-08-19T18:58:33.827

Link: CVE-2019-14981

JSON object: View

cve-icon Redhat Information

No data.

CWE