CVE-2019-13135

EPSS 2.59%
Published 01.07.2019 20:15:11
Last modified 21.11.2024 04:24:16
Source cve@mitre.org
Teams watchlist Login
Open Login

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.

Affected products Warnungen 0 Metrics 3 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Imagemagick ≫ Imagemagick Version < 6.9.10-50

Imagemagick ≫ Imagemagick Version >= 7.0.0-0 < 7.0.8-50

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Canonical ≫ Ubuntu Linux Version19.10

F5 ≫ Big-ip Application Acceleration Manager Version >= 11.5.2 < 11.6.5.2

F5 ≫ Big-ip Application Acceleration Manager Version >= 12.1.0 < 12.1.5.2

F5 ≫ Big-ip Application Acceleration Manager Version >= 13.1.0 < 13.1.3.4

F5 ≫ Big-ip Application Acceleration Manager Version >= 14.0.0 < 14.1.2.5

F5 ≫ Big-ip Application Acceleration Manager Version >= 15.0.0 < 15.0.1.3

F5 ≫ Big-ip Application Acceleration Manager Version >= 15.1.0 < 15.1.0.2

F5 ≫ Big-ip Webaccelerator Version >= 11.5.2 < 11.6.5.2

F5 ≫ Big-ip Webaccelerator Version >= 12.1.0 < 12.1.5.2

F5 ≫ Big-ip Webaccelerator Version >= 13.1.0 < 13.1.3.4

F5 ≫ Big-ip Webaccelerator Version >= 14.0.0 < 14.1.2.5

F5 ≫ Big-ip Webaccelerator Version >= 15.0.0 < 15.0.1.3

F5 ≫ Big-ip Webaccelerator Version >= 15.1.0 < 15.1.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.59%	0.851

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2020/dsa-4712

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html

Broken Link

https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4192-1/

Third Party Advisory

https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d

Patch

Third Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/1599

Patch

Third Party Advisory

https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d

Patch

Third Party Advisory

https://support.f5.com/csp/article/K20336394

Third Party Advisory

https://support.f5.com/csp/article/K20336394?utm_source=f5support&amp%3Butm_medium=RSS

https://nvd.nist.gov/vuln/detail/CVE-2019-13135

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13135

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13135

EUVD