CVE-2019-11505
Description
Heap-buffer-overflow in GraphicsMagick's WritePDBImage allows denial of service or unspecified impact via crafted image.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap-buffer-overflow in GraphicsMagick's WritePDBImage allows denial of service or unspecified impact via crafted image.
Vulnerability
A heap-based buffer overflow exists in the WritePDBImage function of coders/pdb.c in GraphicsMagick versions 1.3.8 through 1.4 snapshot-20190403 Q8. The overflow occurs in MagickBitStreamMSBWrite in magick/bit_stream.c due to insufficient bounds checking when writing pixel data. A specially crafted image file can trigger this condition during the write operation [1].
Exploitation
An attacker can trigger the overflow by supplying a malicious image file and convincing a user to process it with an affected version of GraphicsMagick (e.g., via gm convert to PDB format). No special network position or authentication is required; the vulnerability is reachable through standard image processing workflows involving untrusted user files [1].
Impact
Successful exploitation results in a heap-buffer-overflow, which can cause a denial of service (application crash) and potentially other impacts such as memory corruption or arbitrary code execution, though the exact extent is not fully disclosed in the available references [1].
Mitigation
As of the reference date no patched version is specifically identified. Users should upgrade GraphicsMagick to the latest stable release after 1.4 snapshot-20190403 once a fix is available. As a workaround, avoid processing untrusted images with affected versions. No known KEV listing exists [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
19- Range: >=1.3.8, <=1.4 snapshot-20190403 Q8
- osv-coords18 versionspkg:rpm/opensuse/GraphicsMagick&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4
< 1.3.29-lp150.3.28.1+ 17 more
- (no CPE)range: < 1.3.29-lp150.3.28.1
- (no CPE)range: < 7.0.7.34-lp151.7.3.1
- (no CPE)range: < 7.0.7.34-lp151.7.3.1
- (no CPE)range: < 1.3.29-bp150.2.21.1
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 7.0.7.34-3.61.3
- (no CPE)range: < 7.0.7.34-3.61.3
- (no CPE)range: < 7.0.7.34-3.61.3
- (no CPE)range: < 7.0.7.34-3.61.3
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Insufficient buffer allocation in WritePDBImage leads to a heap-buffer-overflow when MagickBitStreamMSBWrite writes pixel data past the allocated region."
Attack vector
An attacker supplies a crafted image file that, when processed by GraphicsMagick's `convert` command, triggers a heap-buffer-overflow in `WritePDBImage` [ref_id=1]. The overflow occurs during the write of pixel data into an undersized buffer allocated at `coders/pdb.c:943`, leading to a write of 1 byte past the end of a 2-byte heap region [ref_id=1]. This can cause a denial of service (crash) and potentially other unspecified impacts [ref_id=1].
Affected code
The heap-buffer-overflow occurs in `WritePDBImage` in `coders/pdb.c` and the underlying write primitive is `MagickBitStreamMSBWrite` in `magick/bit_stream.c` [ref_id=1]. The crash trace shows the overflow at `magick/bit_stream.c:125` during the export of gray quantum data via `ExportGrayQuantumType` [ref_id=1].
What the fix does
The advisory does not include a published patch or explicit remediation steps [ref_id=1]. The bug report only documents the crash and affected versions (1.3.8 through 1.4 snapshot-20190403 Q8) [ref_id=1]. Without a patch diff, the fix would need to ensure the buffer allocated in `WritePDBImage` is large enough for the bit-stream writes performed by `MagickBitStreamMSBWrite`.
Preconditions
- inputThe attacker must provide a crafted image file that, when converted to PDB format, causes WritePDBImage to allocate an undersized buffer.
- inputThe victim must run GraphicsMagick's `gm convert` (or equivalent) on the malicious file.
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
11- lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.htmlmitrevendor-advisoryx_refsource_SUSE
- usn.ubuntu.com/4207-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4640mitrevendor-advisoryx_refsource_DEBIAN
- hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246amitrex_refsource_MISC
- www.securityfocus.com/bid/108063mitrevdb-entryx_refsource_BID
- lists.debian.org/debian-lts-announce/2019/05/msg00027.htmlmitremailing-listx_refsource_MLIST
- sourceforge.net/p/graphicsmagick/bugs/605/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.