CVE-2019-10649

MEDIUM

Imagemagick - Memory Leak

Title source: rule

Description

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.

References (4)

[Broken Link] http://www.securityfocus.com/bid/107645

[Exploit, Patch, Third Party Advisory] https://github.com/ImageMagick/ImageMagick/issues/1533

[Third Party Advisory] https://usn.ubuntu.com/4034-1/

[Third Party Advisory] https://www.debian.org/security/2020/dsa-4712

Scores

CVSS v3 5.5

EPSS 0.0048

EPSS Percentile 64.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (6)

imagemagick/imagemagick

debian/debian_linux

canonical/ubuntu_linux

Timeline

Published Mar 30, 2019

Tracked Since Feb 18, 2026