VYPR
Unrated severity · OSV Advisory · Published Apr 23, 2019 · Updated Aug 4, 2024

CVE-2019-11472

Description

A crafted XWD image with invalid byte order causes a divide-by-zero error in ImageMagick's ReadXWDImage, leading to denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In ImageMagick 7.0.8-41 Q16, the ReadXWDImage function in coders/xwd.c does not validate the bitmap_bit_order field of the XWD header. When the header indicates neither MSBFirst nor LSBFirst, a subsequent division operation uses an uninitialized or zero divisor, resulting in a divide-by-zero error (floating-point exception). This affects all versions up to and including the reported build [1].

Exploitation

An attacker can craft a malicious XWD image file with a header where the bitmap_bit_order byte is set to a value other than MSBFirst or LSBFirst. No authentication or special privileges are required; the victim only needs to process the file with an affected version of ImageMagick, for example by running identify -verbose on the file [1].

Impact

Successful exploitation causes a denial of service via a floating-point exception (FPE), crashing the ImageMagick process. The crash is immediate and does not require any user interaction beyond opening the file. No code execution or data disclosure is reported [1].

Mitigation

The issue is fixed in commit f663dfb for ImageMagick6, which adds a check that rejects headers with invalid bitmap_bit_order values [4]. Users should update to a patched version of ImageMagick (7.0.8-42 or later, or any release incorporating the fix). No workaround is available; the only mitigation is to avoid processing untrusted XWD files until the software is updated.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 18

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Missing validation of the XWD header byte-order field allows a divide-by-zero when the field is neither LSB first nor MSB first."

Attack vector

An attacker crafts a malicious XWD image file whose header specifies a byte-order value that is neither LSB first nor MSB first. When ImageMagick's `ReadXWDImage` function processes this malformed header, it performs a division operation using an unvalidated or zero-valued field derived from the byte-order indicator, triggering a divide-by-zero (FPE) [ref_id=1]. The attacker only needs to deliver the crafted file to a victim who runs `identify -verbose $FILE` or any other ImageMagick command that triggers XWD parsing [ref_id=1].

Affected code

The vulnerability is in the `ReadXWDImage` function within `coders/xwd.c` [ref_id=1]. The ASAN backtrace shows the divide-by-zero error occurs at lines 490 and 520 of that file when processing a crafted XWD image file [ref_id=1].

What the fix does

The advisory does not include a patch diff. The recommended remediation is to add validation in `ReadXWDImage` to check that the XWD header's byte-order field is either LSB first or MSB first before using it in any arithmetic or division operations, preventing the divide-by-zero condition [ref_id=1]. Without such a check, any unrecognized byte-order value can lead to an uninitialized or zero divisor.
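As an added illustration of the validation the advisory recommends (this is not ImageMagick's code nor the fix referenced above), the check below screens an XWD header's byte_order and bitmap_bit_order fields before any reader uses a quantity derived from them as a divisor. It assumes the X11 XWD layout from XWDFile.h: a fixed 100-byte header of big-endian 32-bit fields, file_version at offset 4, byte_order at offset 28, bitmap_bit_order at offset 36, with LSBFirst = 0 and MSBFirst = 1 from X.h; the sample header it builds is constructed, not a real capture.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layout from X11's XWDFile.h: a fixed 100-byte header of big-endian
   32-bit fields. Only the offsets this pre-check inspects are listed. */
#define XWD_HDR_LEN          100
#define OFF_FILE_VERSION       4
#define OFF_BYTE_ORDER        28
#define OFF_BITMAP_BIT_ORDER  36
#define XWD_FILE_VERSION       7
#define LSBFirst 0   /* values from X11's X.h */
#define MSBFirst 1

enum xwd_status { XWD_OK, XWD_TOO_SHORT, XWD_BAD_VERSION,
                  XWD_BAD_BYTE_ORDER, XWD_BAD_BIT_ORDER };

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put_be32(unsigned char *p, uint32_t v) {
    p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

/* Reject any XWD header whose byte_order or bitmap_bit_order is not one of
   the two values the format defines, before any value derived from them is
   used in arithmetic. Returns XWD_OK only for a header that passes. */
enum xwd_status xwd_header_check(const unsigned char *buf, size_t len) {
    if (len < XWD_HDR_LEN) return XWD_TOO_SHORT;
    if (be32(buf + OFF_FILE_VERSION) != XWD_FILE_VERSION) return XWD_BAD_VERSION;
    uint32_t byte_order = be32(buf + OFF_BYTE_ORDER);
    uint32_t bit_order  = be32(buf + OFF_BITMAP_BIT_ORDER);
    if (byte_order != LSBFirst && byte_order != MSBFirst) return XWD_BAD_BYTE_ORDER;
    if (bit_order != LSBFirst && bit_order != MSBFirst) return XWD_BAD_BIT_ORDER;
    return XWD_OK;
}

/* Constructed sample header (not a real capture): version 7 and the two
   order fields chosen by the caller, every other field zero. */
enum xwd_status check_sample(uint32_t byte_order, uint32_t bit_order) {
    unsigned char hdr[XWD_HDR_LEN];
    memset(hdr, 0, sizeof hdr);
    put_be32(hdr + OFF_FILE_VERSION, XWD_FILE_VERSION);
    put_be32(hdr + OFF_BYTE_ORDER, byte_order);
    put_be32(hdr + OFF_BITMAP_BIT_ORDER, bit_order);
    return xwd_header_check(hdr, sizeof hdr);
}
```

A pre-screen like this belongs in front of any pipeline that hands untrusted XWD files to an unpatched ImageMagick; it is no substitute for updating.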

Preconditions

  • Config: the victim must use ImageMagick 7.0.8-41 Q16 (or likely other versions) to process a crafted XWD file
  • Input: the attacker must deliver a specially crafted XWD image file with an invalid byte-order header field

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 9

News mentions: 0 (no linked articles in our index yet)