CVE-2019-14981

Published: Aug 12, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.

Affected (11)

Products: Imagemagick: Imagemagick · Debian: Debian Linux · Canonical: Ubuntu Linux · +1 more

Show all products

Imagemagick: Imagemagick · Debian: Debian Linux · Canonical: Ubuntu Linux · Opensuse: Leap

1 product

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	From 6.0 to 6.9.10-41
Imagemagick Imagemagick	From 7.0.0-0 to 7.0.8-41

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04
Canonical Ubuntu Linux	Version 19.10

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1

Related CWEs

CWE-369

Divide By Zero

The product divides a value by zero.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://github.com/ImageMagick/ImageMagick/commit/a77d8d97f5a7bced0468f0b08798c83fb67427bc

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/1552

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00028.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4192-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2020/dsa-4712

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html