CVE-2019-11472

{"id": "CVE-2019-11472", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-04-23T14:29:00.837", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html", "source": "cve@mitre.org"}, {"url": "https://github.com/ImageMagick/ImageMagick/issues/1546", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4034-1/", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2020/dsa-4712", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ImageMagick/ImageMagick/issues/1546", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/4034-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2020/dsa-4712", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-369"}]}], "descriptions": [{"lang": "en", "value": "ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first."}, {"lang": "es", "value": "ReadXWDImage en coders/xwd.c en el componente de an\u00e1lisis de im\u00e1genes XWD de ImageMagick 7.0.8-41 Q16 permite a los atacantes causar una denegaci\u00f3n de servicio (error de divisi\u00f3n por cero) al crear un archivo de imagen XWD en el que el encabezado indica ni LSB primero ni MSB primero."}], "lastModified": "2024-11-21T04:21:08.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.8-41:q16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34C2A939-19C7-4BC0-8DE5-E3D612C99B0E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}