CVE-2019-11473
Description
GraphicsMagick 1.3.31 has an out-of-bounds read in coders/xwd.c via a crafted XWD image, causing denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in coders/xwd.c in GraphicsMagick version 1.3.31. An out-of-bounds read occurs when processing a specially crafted XWD image file. This is distinct from previously reported issues CVE-2019-11008 and CVE-2019-11009.
Exploitation
An attacker can trigger the vulnerability by providing a malicious XWD image file to be processed by GraphicsMagick. No special privileges or network position beyond the ability to supply the file are required; user interaction may be needed if the file is opened via an application using GraphicsMagick.
Impact
Successful exploitation results in an out-of-bounds read, leading to an application crash and denial of service. There is no indication of code execution or information disclosure beyond the crash.
Mitigation
No fix or workaround is disclosed in the available references. Users of GraphicsMagick 1.3.31 should monitor for updates from the project or their distribution. The Fedora package announcements referenced are inaccessible and do not provide mitigation details.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
= 1.3.31 (+ 1 more)
- (no CPE) range: = 1.3.31
- (no CPE) range: = 1.3.31
osv-coords (2 versions): pkg:rpm/opensuse/GraphicsMagick&distro=openSUSE%20Leap%2015.0, pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Package%20Hub%2015
< 1.3.29-lp150.3.28.1 (+ 1 more)
- (no CPE) range: < 1.3.29-lp150.3.28.1
- (no CPE) range: < 1.3.29-bp150.2.21.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (12)
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- usn.ubuntu.com/4207-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2020/dsa-4640 (mitre, vendor-advisory, x_refsource_DEBIAN)
- hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd (mitre, x_refsource_MISC)
- hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8 (mitre, x_refsource_MISC)
- www.graphicsmagick.org/Changelog.html (mitre, x_refsource_MISC)
- www.securityfocus.com/bid/108055 (mitre, vdb-entry, x_refsource_BID)
- lists.debian.org/debian-lts-announce/2019/05/msg00027.html (mitre, mailing-list, x_refsource_MLIST)
News mentions
No linked articles in our index yet.