CVE Vulnerabilities

CVE-2019-10131

Off-by-one Error

Published: Apr 30, 2019 | Modified: Oct 28, 2021
CVSS 3.x
7.1
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVSS 2.x
3.6 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:P
RedHat/V2
RedHat/V3
6.5 LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Ubuntu

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

Weakness

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Affected Software

Name Vendor Start Version End Version
Imagemagick Imagemagick * *
Imagemagick Imagemagick 7.0.0-0 *
Red Hat Enterprise Linux 7 RedHat autotrace-0:0.31.1-38.el7 *
Red Hat Enterprise Linux 7 RedHat emacs-1:24.3-23.el7 *
Red Hat Enterprise Linux 7 RedHat ImageMagick-0:6.9.10.68-3.el7 *
Red Hat Enterprise Linux 7 RedHat inkscape-0:0.92.2-3.el7 *
Imagemagick Ubuntu bionic *
Imagemagick Ubuntu esm-infra/xenial *
Imagemagick Ubuntu upstream *
Imagemagick Ubuntu xenial *

Potential Mitigations

References