8.8

CVE-2019-11008

Exploit
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GraphicsmagickGraphicsmagick Version <= 1.3.31
OpensuseBackports Sle Version15.0 Update-
OpensuseLeap Version15.0
OpensuseLeap Version42.3
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version18.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.77% 0.885
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4207-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4640
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html
Third Party Advisory
Mailing List
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b
Vendor Advisory
Release Notes
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html
Third Party Advisory
Mailing List
https://sourceforge.net/p/graphicsmagick/bugs/599/
Third Party Advisory
Exploit