NVD Vulnerability Detail

CVE-2019-10131

Summary	An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
Publication Date	May 1, 2019, 4:29 a.m.
Registration Date	Jan. 26, 2021, 11:37 a.m.
Last Update	Nov. 21, 2024, 1:18 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:imagemagick:imagemagick::::::::				6.9.9-40
cpe:2.3:a:imagemagick:imagemagick::::::::	7.0.0-0			7.0.7-28

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:opensuse:leap:42.3:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html	Mailing List Third Party Advisory
5	http://www.securityfocus.com/bid/108117	Broken Link
6	http://www.securityfocus.com/bid/108117	Broken Link
7	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10131	Issue Tracking Patch Third Party Advisory
8	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10131	Issue Tracking Patch Third Party Advisory
9	https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e	Patch Third Party Advisory
10	https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e	Patch Third Party Advisory
11	https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html	Mailing List Third Party Advisory
12	https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html	Mailing List Third Party Advisory
13	https://usn.ubuntu.com/4034-1/	Third Party Advisory
14	https://usn.ubuntu.com/4034-1/	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-193	境界条件の判定	https://cwe.mitre.org/data/definitions/193.html

JVN Vulnerability Information

ImageMagick におけるバッファエラーの脆弱性

Title	ImageMagick におけるバッファエラーの脆弱性
Summary	ImageMagick には、バッファエラーの脆弱性が存在します。
Possible impacts	情報を取得される、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 30, 2019, midnight
Registration Date	May 27, 2019, 4:44 p.m.
Last Update	May 27, 2019, 4:44 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux

ImageMagick

ImageMagick 7.0.7-28 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-10131	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10131
National Vulnerability Database (NVD)
2	CVE-2019-10131	https://nvd.nist.gov/vuln/detail/CVE-2019-10131

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
GitHub
1	ImageMagick	https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
Red Hat Bugzilla
2	Bug 1704762	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10131

Change Log

No	Changed Details	Date of change
1	[2019年05月27日] 掲載	May 27, 2019, 4:44 p.m.