ImageMagick tif_dirwrite.c TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap DoS Vulnerability

By GIXnews


A vulnerability in ImageMagick could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap, as defined in the tif_dirwrite.c source code file of the affected software, and is due to improper memory operations that are performed by ImageMagick. The vulnerability manifests as a heap-based buffer over-read memory error condition. An attacker could exploit this vulnerability by persuading a user to access a file that submits malicious input to the affected software. A successful exploit could allow the attacker to cause a DoS condition on the system.

ImageMagick has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2019-15141

Source:: Cisco Multivendor Vulnerability Alerts