GraphicsMagick CVE-2019-11505 Heap Buffer Overflow Vulnerability

GraphicsMagick is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successful exploits may allow the attacker to crash the affected application. Due to the nature of this issue, code execution may be possible, but this has not been confirmed.

GraphicsMagick 1.3.8 through 1.4 snapshot-20190403 Q8 are vulnerable.


Bugtraq ID: 108063
Class: Boundary Condition Error
CVE: CVE-2019-11505

Remote: Yes
Local: No
Published: Apr 24 2019 12:00AM
Updated: Apr 24 2019 12:00AM
Credit: galycannon
Vulnerable: GraphicsMagick GraphicsMagick 1.3.9
            GraphicsMagick GraphicsMagick 1.3.8
            GraphicsMagick GraphicsMagick 1.4 snapshot-2019040

Not Vulnerable:


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
