Launchpad CVE tracker

CVE 2019-11598

In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.

Related bugs and status

CVE-2019-11598 (Candidate) is related to these bugs:

Bug #1797647: imagemagick policy.xml typo for EPS files in bionic security update (8:6.9.7.4+dfsg-16ubuntu6.4)

Summary				In	Importance	Status
	1797647	imagemagick policy.xml typo for EPS files in bionic security update (8:6.9.7.4+dfsg-16ubuntu6.4)		imagemagick (Ubuntu)	Undecided	Fix Released

Bug #1923350: FFe: sync/merge imagemagick form unstable

Summary				In	Importance	Status
	1923350	FFe: sync/merge imagemagick form unstable		imagemagick (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 108102
MISC: https://github.com/Ima...
MLIST: [debian-lts-announce] ...
SUSE: openSUSE-SU-2019:1603
UBUNTU: USN-4034-1
SUSE: openSUSE-SU-2019:1683
DEBIAN: DSA-4712
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2019-11598

Related bugs and status

Related bugs

References