{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-25T14:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/issues/1523"}, {"name": "107546", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107546"}, {"name": "107672", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107672"}, {"name": "DSA-4436", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4436"}, {"name": "20190429 [SECURITY] [DSA 4436-1] imagemagick security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Apr/37"}, {"name": "openSUSE-SU-2019:1320", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"}, {"name": "openSUSE-SU-2019:1331", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"}, {"name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"}, {"name": "USN-4034-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4034-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9956", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ImageMagick/ImageMagick/issues/1523", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1523"}, {"name": "107546", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107546"}, {"name": "107672", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107672"}, {"name": "DSA-4436", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4436"}, {"name": "20190429 [SECURITY] [DSA 4436-1] imagemagick security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/37"}, {"name": "openSUSE-SU-2019:1320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"}, {"name": "openSUSE-SU-2019:1331", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"}, {"name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"}, {"name": "USN-4034-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4034-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:10:08.307Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ImageMagick/ImageMagick/issues/1523"}, {"name": "107546", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107546"}, {"name": "107672", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107672"}, {"name": "DSA-4436", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4436"}, {"name": "20190429 [SECURITY] [DSA 4436-1] imagemagick security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Apr/37"}, {"name": "openSUSE-SU-2019:1320", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"}, {"name": "openSUSE-SU-2019:1331", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"}, {"name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"}, {"name": "USN-4034-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4034-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9956", "datePublished": "2019-03-23T23:14:54", "dateReserved": "2019-03-23T00:00:00", "dateUpdated": "2024-08-04T22:10:08.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.8-35:q16:*:*:*:*:*:*", "matchCriteriaId": "7D254272-9A50-4719-8FC1-3DB7E74B141F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en ImageMagick 7.0.8-35 Q16 en la funci\u00f3n PopHexPixel en coders/ps.c. Esta vulnerabilidad permite que los atacantes provoquen una denegaci\u00f3n de servicio mediante un archivo de imagen manipulado."}], "id": "CVE-2019-9956", "lastModified": "2024-11-21T04:52:40.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-24T00:29:00.213", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107546"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107672"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/issues/1523"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Apr/37"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4034-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4436"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107546"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107672"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/issues/1523"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Apr/37"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4034-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4436"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:1180", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "autotrace-0:0.31.1-38.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}, {"advisory": "RHSA-2020:1180", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "emacs-1:24.3-23.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}, {"advisory": "RHSA-2020:1180", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ImageMagick-0:6.9.10.68-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}, {"advisory": "RHSA-2020:1180", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "inkscape-0:0.92.2-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}], "bugzilla": {"description": "imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c", "id": "1692300", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692300"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L", "status": "verified"}, "cwe": "CWE-121", "details": ["In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file."], "name": "CVE-2019-9956", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2019-03-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-9956\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9956"], "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a\nsecurity impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the\nRed Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}