Base Score

HIGH8.8

CVE-2019-13135

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.

VectorNETWORK

Published Bycve@mitre.org

Published DateJul 01, 2019, 20:15

Weakness Type (CWE):CWE-908

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html
https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d
https://github.com/ImageMagick/ImageMagick/issues/1599
https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d
https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html
https://support.f5.com/csp/article/K20336394
https://support.f5.com/csp/article/K20336394?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4192-1/
https://www.debian.org/security/2020/dsa-4712

Base Score

HIGH8.8

Weakness Type (CWE):CWE-908

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH