CVE-2019-13311
Public on 2019-07-05
Modified on 2020-10-22
Description
A flaw was found in ImageMagick, containing memory leaks of AcquireMagickMemory due to a wand/mogrify.c error. It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the function MogrifyImageList(). An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | ImageMagick | 2024-03-13 | ALAS-2024-1926 | Fixed |
| Amazon Linux 2 - Core | ImageMagick | 2020-10-22 | ALAS2-2020-1497 | Fixed |
| Amazon Linux 2 - Core | ImageMagick | 2024-01-19 | ALAS2-2024-2432 | Fixed |
| Amazon Linux 1 | php-pecl-imagick | 2020-06-23 | ALAS-2020-1391 | Fixed |
| Amazon Linux 1 | php54-pecl-imagick | 2023-08-21 | ALAS-2023-1810 | Fixed |
| Amazon Linux 1 | php55-pecl-imagick | 2023-08-21 | ALAS-2023-1812 | Fixed |
| Amazon Linux 1 | php56-pecl-imagick | 2023-08-21 | ALAS-2023-1811 | Fixed |
| Amazon Linux 1 | php70-pecl-imagick | 2023-08-21 | ALAS-2023-1813 | Fixed |
| Amazon Linux 1 | php71-pecl-imagick | 2023-08-21 | ALAS-2023-1814 | Fixed |
| Amazon Linux 1 | php72-pecl-imagick | 2023-08-21 | ALAS-2023-1815 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| NVD | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| NVD | CVSSv3 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |