CVE-2019-13135
HIGH
ImageMagick < 6.9.10-50 - Use of Uninitialized Resource
Title source: ruleDescription
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
References (10)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/ImageMagick/ImageMagick/issues/1599
Patch, Third Party Advisory x_refsource_misc
https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d
Patch, Third Party Advisory x_refsource_misc
https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html
Broken Link vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K20336394
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K20336394?utm_source=f5support&%3Butm_medium=RSS
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4192-1/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4712
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
Scores
CVSS v3: 8.8
EPSS: 0.0259
EPSS Percentile: 85.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-908
Status: published
Products (10)
canonical/ubuntu_linux: 16.04
canonical/ubuntu_linux: 18.04
canonical/ubuntu_linux: 19.04
canonical/ubuntu_linux: 19.10
debian/debian_linux: 8.0
debian/debian_linux: 9.0
debian/debian_linux: 10.0
f5/big-ip_application_acceleration_manager: 11.5.2 - 11.6.5.2
f5/big-ip_webaccelerator: 11.5.2 - 11.6.5.2
imagemagick/imagemagick: < 6.9.10-50
Published: Jul 01, 2019
Tracked Since: Feb 18, 2026