Launchpad CVE tracker

CVE 2019-10131

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

Related bugs and status

CVE-2019-10131 (Candidate) is related to these bugs:

Bug #1797647: imagemagick policy.xml typo for EPS files in bionic security update (8:6.9.7.4+dfsg-16ubuntu6.4)

Summary				In	Importance	Status
	1797647	imagemagick policy.xml typo for EPS files in bionic security update (8:6.9.7.4+dfsg-16ubuntu6.4)		imagemagick (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 108117
CONFIRM: https://bugzilla.redha...
CONFIRM: https://github.com/Ima...
SUSE: openSUSE-SU-2019:1427
UBUNTU: USN-4034-1
SUSE: openSUSE-SU-2019:1683
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2019-10131

Related bugs and status

Related bugs

References