6.5
CVE-2019-11010
- EPSS 1.8%
- Veröffentlicht 08.04.2019 19:29:05
- Zuletzt bearbeitet 21.11.2024 04:20:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Graphicsmagick ≫ Graphicsmagick Version <= 1.3.31
Debian ≫ Debian Linux Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.8% | 0.757 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html
https://usn.ubuntu.com/4207-1/
https://www.debian.org/security/2020/dsa-4640
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019
https://sourceforge.net/p/graphicsmagick/bugs/601/