vulnerability

Oracle Linux: CVE-2019-12976: ELSA-2020-1180: ImageMagick security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Jun 26, 2019	Oct 5, 2022	Nov 29, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Jun 26, 2019

Added

Oct 5, 2022

Modified

Nov 29, 2024

Description

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the ReadPCLImage() function. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash.
An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory.

Solutions

oracle-linux-upgrade-autotraceoracle-linux-upgrade-autotrace-develoracle-linux-upgrade-emacsoracle-linux-upgrade-emacs-commonoracle-linux-upgrade-emacs-eloracle-linux-upgrade-emacs-filesystemoracle-linux-upgrade-emacs-noxoracle-linux-upgrade-emacs-terminaloracle-linux-upgrade-imagemagickoracle-linux-upgrade-imagemagick-coracle-linux-upgrade-imagemagick-c-develoracle-linux-upgrade-imagemagick-develoracle-linux-upgrade-imagemagick-docoracle-linux-upgrade-imagemagick-perloracle-linux-upgrade-inkscapeoracle-linux-upgrade-inkscape-docsoracle-linux-upgrade-inkscape-view

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today