CVE-2019-10131

High

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in…

redhat·CWE-193·Published 2019-04-30

CVSS

7.1

EPSS

0.01

KEV

Exploits

cve.orgen

238 chars

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

NVDen

238 chars

NVDes

263 chars

Se encontró una vulnerabilidad de lectura off-by-one en ImageMagick anterior a la versión 7.0.7-28 en la función formatIPTCfromBuffer en coders/meta.c. Un atacante local puede utilizar este fallo para leer más allá del final del búfer o para bloquear el programa.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:N/A:P
3.0	Primary	cve.org	6.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L