VYPR
Unrated severity · NVD Advisory · Published Apr 8, 2019 · Updated Aug 4, 2024

CVE-2019-11005

Description

A stack buffer overflow in GraphicsMagick's SVG parser allows denial of service via a crafted SVG file with a long quoted font family value.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A stack-based buffer overflow exists in the SVGStartElement function of coders/svg.c in GraphicsMagick 1.4 snapshot-20190322 Q8. The vulnerability is triggered when parsing an SVG file that contains a font-family attribute with a quoted value that exceeds the allocated stack buffer size. This allows an attacker to overwrite adjacent stack memory [1].

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted SVG file with an overly long quoted font family value. No authentication is required; the attack can be delivered via any vector that causes GraphicsMagick to process the malicious SVG, such as a web upload or email attachment. The overflow occurs during the parsing stage, leading to a crash.

Impact

Successful exploitation results in a denial of service (application crash) due to the stack buffer overflow. The official description notes the possibility of "unspecified other impact," but no further details are provided in the available references.

Mitigation

The issue was reported and subsequently fixed in a later version of GraphicsMagick. Users should upgrade to a version that includes the patch. The bug tracker [1] marks the issue as closed-fixed. No workarounds are documented; the safest mitigation is to update to the latest release.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 3

Patches: 0. No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing bounds check when copying a quoted font family value into a fixed-size stack buffer in SVGStartElement."

Attack vector

An attacker crafts a malicious SVG file containing a `font-family` attribute with an overly long quoted value. When GraphicsMagick parses this SVG via `ReadSVGImage`, the `SVGStartElement` function copies the font family string into a fixed-size stack buffer without proper bounds checking, causing a stack-buffer-overflow [1]. The attack requires no authentication and can be delivered over the network by tricking a user or service into processing the crafted SVG.

Affected code

The vulnerability resides in the function `SVGStartElement` in `coders/svg.c` (line 1752). The stack buffer overflow occurs when processing a quoted font family value in an SVG file, leading to a write past the end of a stack-allocated buffer.

What the fix does

The patch is not included in the bundle, but the bug report status is 'closed-fixed', indicating a fix was applied. The fix likely adds bounds checking on the font family value before copying it into the stack buffer, or replaces the fixed-size buffer with a dynamically-sized one to prevent overflow.
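
The bug class named in the root cause, shown beside a bounds-checked form. This is an added example, not GraphicsMagick's code and not its actual fix; the function names and the 64-byte `FAMILY_MAX` are assumptions chosen for illustration, and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

#define FAMILY_MAX 64 /* hypothetical size; not GraphicsMagick's buffer size */

/* Unsafe pattern (bug class only, never called here): the copy length is
   derived from the input alone, so a long value writes past dst. */
void strip_quotes_unsafe(const char *value, char *dst)
{
    size_t n = strlen(value);
    memcpy(dst, value + 1, n - 2); /* no comparison with dst's capacity */
    dst[n - 2] = '\0';
}

/* Checked form: returns 0 on success, -1 if value is not single-quoted or
   its contents (plus NUL) do not fit. dst is untouched on failure. */
int strip_quotes_checked(const char *value, char *dst, size_t dst_size)
{
    size_t n;

    if (value == NULL || dst == NULL || dst_size == 0)
        return -1;
    n = strlen(value);
    if (n < 2 || value[0] != '\'' || value[n - 1] != '\'')
        return -1;
    if (n - 2 >= dst_size) /* reject instead of truncating silently */
        return -1;
    memcpy(dst, value + 1, n - 2);
    dst[n - 2] = '\0';
    return 0;
}

int main(void)
{
    char family[FAMILY_MAX];
    char longval[FAMILY_MAX * 4]; /* constructed oversized sample value */

    memset(longval, 'A', sizeof longval);
    longval[0] = longval[sizeof longval - 2] = '\'';
    longval[sizeof longval - 1] = '\0';

    if (strip_quotes_checked("'Helvetica'", family, sizeof family) == 0)
        printf("accepted: %s\n", family);
    if (strip_quotes_checked(longval, family, sizeof family) != 0)
        printf("rejected: quoted value of %zu bytes\n", strlen(longval) - 2);
    return 0;
}
```

Rejecting the oversized value, rather than truncating it, keeps the caller from continuing with a font name the document never contained.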

Preconditions

  • input: The attacker must supply a crafted SVG file with a quoted font-family value exceeding the stack buffer size.
  • config: The victim must process the SVG file using GraphicsMagick (e.g., via `gm convert` or an application using the library).

Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6
