CVE-2019-11597
Description
In ImageMagick 7.0.8-43 Q16, a heap-based buffer over-read in WriteTIFFImage allows denial of service or information disclosure via a crafted image.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In ImageMagick 7.0.8-43 Q16, a heap-based buffer over-read exists in the WriteTIFFImage function of coders/tiff.c. This occurs when processing a specially crafted TIFF image, leading to an over-read of heap memory. [1]
Exploitation
An attacker can trigger this vulnerability by providing a crafted image file and executing `magick convert $poc /dev/null`. No authentication is required; the attacker only needs to trick a user or automated system into processing the malicious image with ImageMagick. [1]
Impact
Successful exploitation results in a denial of service (crash) and could lead to information disclosure through the heap-based buffer over-read. [1]
Mitigation
The vulnerability was fixed in a subsequent release of ImageMagick. Users should upgrade to the latest version to mitigate the issue. The official fix is tracked in the GitHub issue. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: = 7.0.8-43
- (no CPE) range: <= 7.0.8-43
- osv-coords (16 versions):
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4
- (no CPE) range: < 7.0.7.34-lp151.7.6.1
- (no CPE) range: < 7.0.7.34-lp151.7.6.1
- (no CPE) range: < 6.8.8.1-71.123.2
- (no CPE) range: < 6.8.8.1-71.123.2
- (no CPE) range: < 7.0.7.34-3.64.2
- (no CPE) range: < 7.0.7.34-3.64.2
- (no CPE) range: < 7.0.7.34-3.64.2
- (no CPE) range: < 7.0.7.34-3.64.2
- (no CPE) range: < 6.8.8.1-71.123.2
- (no CPE) range: < 6.8.8.1-71.123.2
- (no CPE) range: < 6.8.8.1-71.123.2
- (no CPE) range: < 6.8.8.1-71.123.2
- (no CPE) range: < 6.8.8.1-71.123.2
- (no CPE) range: < 6.8.8.1-71.123.2
- (no CPE) range: < 6.8.8.1-71.123.2
- (no CPE) range: < 6.8.8.1-71.123.2
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Heap-based buffer over-read in WriteTIFFImage due to insufficient bounds checking when copying pixel data into a TIFF output buffer."
Attack vector
An attacker crafts a malicious image file that, when processed by ImageMagick's `convert` command, triggers a heap-buffer-overflow in the `WriteTIFFImage` function at `coders/tiff.c:4314` [ref_id=1]. The overflow occurs during a `memcpy` operation inside the libtiff library, reading 131072 bytes from a 4-byte allocated region [ref_id=1]. The attack requires no special privileges — the victim need only run `magick convert $poc /dev/null` on the crafted file [ref_id=1].
Affected code
The vulnerability resides in the `WriteTIFFImage` function within `coders/tiff.c` [ref_id=1]. The crash occurs at line 4314 during a `memcpy` call invoked through the libtiff library [ref_id=1]. The allocated region is only 4 bytes, but the read operation attempts to copy 131072 bytes, causing the over-read [ref_id=1].
What the fix does
No patch is included in the bundle. The issue was reported to the ImageMagick project via GitHub issue #1555 [ref_id=1], but the bundle does not contain a subsequent fix commit or advisory detailing remediation steps. The advisory does not specify whether a fix was ever released.
Preconditions
- input: Victim must run ImageMagick's `convert` command (or any code path invoking `WriteTIFFImage`) on a crafted image file
- auth: No authentication or special privileges required
Reproduction
1. Obtain the proof-of-concept file referenced in the issue (not included in the bundle).
2. Run `magick convert $poc /dev/null` [ref_id=1].
3. Observe the heap-buffer-overflow crash reported by AddressSanitizer at `coders/tiff.c:4314` [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00043.html (mitre, vendor-advisory, x_refsource_SUSE)
- usn.ubuntu.com/4034-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2020/dsa-4712 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.securityfocus.com/bid/108102 (mitre, vdb-entry, x_refsource_BID)
- github.com/ImageMagick/ImageMagick/issues/1555 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2019/05/msg00015.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2020/08/msg00030.html (mitre, mailing-list, x_refsource_MLIST)