VDB
CVE-2019-19952
CVE-2019-19952
PUBLISHED
Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. Überlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuführen oder andere nicht spezifizierte Auswirkungen zu erzielen. Für eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine bösartig gestaltete Bilddatei zu öffnen.
EPSS 0.39% · 60.7th percentile
Risk Scores
EPSS Score
0.39%
60.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux | |
| Ubuntu | Ubuntu Linux | |
| Debian | Debian Linux | |
| Amazon | Amazon Linux 2 | |
| Red Hat | Red Hat Enterprise Linux | |
| Open Source | Open Source GraphicsMagick <=1.4 snapshot-20191208 Q8 | |
| Open Source | Open Source ImageMagick <=7.0.9-7 Q16 |
Exploit Intelligence
Timeline
- Dec 23, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-2131.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2131 advisory
- https://www.suse.com/support/update/announcement/2020/suse-su-20200275-1.html advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-19953 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-19952 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-19951 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-19950 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-19949 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-19948 advisory
- https://www.suse.com/support/update/announcement/2020/suse-su-20200411-1.html advisory
- https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202001/msg00029.html advisory
- https://www.debian.org/security/2020/dsa-4640 advisory
- https://access.redhat.com/errata/RHSA-2020:1180 advisory
- https://www.debian.org/security/2020/dsa-4712 advisory
- https://www.debian.org/security/2020/dsa-4715 advisory
- https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202008/msg00030.html advisory
- https://usn.ubuntu.com/4549-1/ advisory
- https://ubuntu.com/security/notices/USN-4670-1 advisory
- https://alas.aws.amazon.com/ALAS-2023-1815.html advisory
- https://alas.aws.amazon.com/ALAS-2023-1814.html advisory
…and 6 more