Description: In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-2366-1, DSA-4712-1
NVD severity: medium
Debian Bugs: 931633

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package      Release                     Version   Status
imagemagick (PTS)   stretch                     8:
                    stretch (security)          8:
                    buster, buster (security)   8:
                    bookworm, sid, bullseye     8:

The information below is based on the following data on fixed versions.

Package   Type   Release   Fixed Version   Urgency   Origin   Debian Bugs


[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
Patch is insufficient, partly reverted by the CVE-2019-13308 patch
which seems to be the actual patch for this issue.
