CVE-2019-7396

moderate-risk

Published 2019-02-05

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

Do I need to act?

3.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Imagemagick

Leap

Debian Linux

Ubuntu Linux

Debian Imagemagick Canonical Opensuse

Broken Link http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html

Third Party Advisory http://www.securityfocus.com/bid/106849

Patch https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de...

Exploit https://github.com/ImageMagick/ImageMagick/issues/1452

Third Party Advisory https://usn.ubuntu.com/4034-1/

Third Party Advisory https://www.debian.org/security/2020/dsa-4712

Broken Link http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html

Third Party Advisory http://www.securityfocus.com/bid/106849

Patch https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de...

Exploit https://github.com/ImageMagick/ImageMagick/issues/1452

Third Party Advisory https://usn.ubuntu.com/4034-1/

Third Party Advisory https://www.debian.org/security/2020/dsa-4712

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 7/34 · Low

Exposure 14/34 · Moderate