CVE-2019-11474
Description
GraphicsMagick 1.3.31 crashes with a floating-point exception when processing a crafted XWD image file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In GraphicsMagick 1.3.31, the file coders/xwd.c contains a flaw that allows an attacker to cause a floating-point exception and application crash by providing a specially crafted XWD (X Window Dump) image file. The vulnerability is distinct from CVE-2019-11008 and CVE-2019-11009 [1] [2].
Exploitation
An attacker can trigger the vulnerability by convincing a user or an automated process to open a malicious XWD image file using GraphicsMagick. No authentication or special privileges are required. The attack vector is local, or remote if the application processes images from untrusted sources.
Impact
Successful exploitation results in a denial of service (DoS) due to a floating-point exception, causing the application to crash. No code execution or data leakage is indicated.
Mitigation
Not yet disclosed in the available references. Users should monitor the GraphicsMagick project for a patched release and apply updates as soon as available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: = 1.3.31
- (no CPE) range: = 1.3.31
- osv-coords, 2 versions: pkg:rpm/opensuse/GraphicsMagick&distro=openSUSE%20Leap%2015.0, pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Package%20Hub%2015
- (no CPE) range: < 1.3.29-lp150.3.28.1
- (no CPE) range: < 1.3.29-bp150.2.21.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- usn.ubuntu.com/4207-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2020/dsa-4640 (mitre, vendor-advisory, x_refsource_DEBIAN)
- hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd (mitre, x_refsource_MISC)
- hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8 (mitre, x_refsource_MISC)
- www.graphicsmagick.org/Changelog.html (mitre, x_refsource_MISC)
- www.securityfocus.com/bid/108055 (mitre, vdb-entry, x_refsource_BID)
- lists.debian.org/debian-lts-announce/2019/05/msg00027.html (mitre, mailing-list, x_refsource_MLIST)
News mentions
No linked articles in our index yet.