CVE-2019-17541

HIGH

Imagemagick < 6.9.10-55 - Use After Free

Title source: rule

Description

ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.

References (4)

Core 4

Core References

Exploit, Patch, Third Party Advisory x_refsource_misc

https://github.com/ImageMagick/ImageMagick/issues/1641

Patch, Third Party Advisory x_refsource_misc

https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_misc

https://github.com/ImageMagick/ImageMagick/compare/7.0.8-54...7.0.8-55

Issue Tracking, Third Party Advisory x_refsource_misc

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827

Scores

CVSS v3 8.8

EPSS 0.0020

EPSS Percentile 42.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (1)

imagemagick/imagemagick < 6.9.10-55

Published Oct 14, 2019

Tracked Since Feb 18, 2026