ImageMagick WriteTIFFImage Heap-Based Buffer Over-Read Vulnerability [CVE-2019-11597]

CVE Number – CVE-2019-11597

A vulnerability in the WriteTIFFImage function of ImageMagick could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is caused by a heap-based buffer over-read condition in the WriteTIFFImagefunction in the tiff.c source code file of the affected software. An attacker could exploit this vulnerability by persuading a user to open a malicious image file. A successful exploit could allow the attacker to cause a DoS condition on the targeted system.Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.ImageMagick has not confirmed this vulnerability and software updates are not available.

Analysis

• To exploit this vulnerability, an attacker must be able to create a malicious image file and persuade a user to open the file on a targeted system. These requirements could reduce the likelihood of a successful attack.
  

Safeguards

• Administrators are advised to contact the vendor for future updates.Administrators are advised to allow only trusted users to have network access.Administrators are advised to run both firewall and antivirus applications to minimize the potential of inbound and outbound threats.Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.Administrators can help protect affected systems from external attacks by using a solid firewall strategy.

Vendor Announcements

• At the time this alert was first published, ImageMagick had not released a security announcement.

Fixed Software

• At the time this alert was first published, ImageMagick had not released a software update