CVE-2019-13136
Description
Integer overflow in ImageMagick's TIFFSeekCustomStream before 7.0.8-50 allows potential denial of service or other impacts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An integer overflow vulnerability exists in the TIFFSeekCustomStream function in coders/tiff.c in ImageMagick before version 7.0.8-50. Specifically, in the SEEK_CUR case, the computation profile->offset + offset is performed without proper bounds checking, leading to a possible integer overflow. This issue is documented in [2] and was resolved in commit fe5f4b8 [1].
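The SEEK_CUR pattern described above, as an added example with the range check done before the addition. This is not ImageMagick's code and not the patch from commit fe5f4b8; `mem_stream`, `checked_add` and `safe_seek` are hypothetical names, and `int64_t` is an assumed offset type.

```c
/* Added illustration: hypothetical in-memory stream, not ImageMagick code. */
#include <stdint.h>
#include <stdio.h>   /* SEEK_SET, SEEK_CUR, SEEK_END */

typedef struct {
  int64_t offset;   /* current position, invariant: offset >= 0 */
  int64_t length;   /* bytes of data held by the stream */
} mem_stream;

/* Store a + b in *sum; return 0 if the sum would leave the int64_t range.
   The comparison happens before the addition, so signed overflow
   (undefined behaviour in C) never occurs. */
static int checked_add(int64_t a, int64_t b, int64_t *sum)
{
  if ((b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b))
    return 0;
  *sum = a + b;
  return 1;
}

/* Returns the new position, or -1 when the request is rejected.
   Seeking past 'length' is allowed here; only overflow and negative
   positions are refused. */
int64_t safe_seek(mem_stream *s, int64_t offset, int whence)
{
  int64_t base, target;

  switch (whence) {
    case SEEK_SET: base = 0;         break;
    case SEEK_CUR: base = s->offset; break;
    case SEEK_END: base = s->length; break;
    default:       return -1;
  }
  if (!checked_add(base, offset, &target) || target < 0)
    return -1;            /* rejected: stream state is left unchanged */
  s->offset = target;
  return target;
}

int main(void)
{
  mem_stream s = { 16, 64 };   /* constructed sample state */
  printf("%lld\n", (long long) safe_seek(&s, INT64_MAX, SEEK_CUR));
  printf("%lld\n", (long long) safe_seek(&s, -8, SEEK_CUR));
  return 0;
}
```

A check of the form `if (base + offset < 0)` is not equivalent, because the addition has already overflowed by the time the comparison runs.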
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted TIFF file that triggers the vulnerable code path. No authentication or special privileges are required; the victim simply needs to process the malicious file using an affected version of ImageMagick. The overflow occurs during the seeking operation, which may lead to out-of-bounds access or other undefined behavior.
Impact
Successful exploitation could result in denial of service (e.g., application crash) or potentially memory corruption and arbitrary code execution, depending on the environment. The exact impact is not fully described in the available references, but integer overflows in such contexts are often security-critical.
Mitigation
The vulnerability is fixed in ImageMagick version 7.0.8-50 and later. Users should upgrade to this version or apply the patch from commit fe5f4b8 [1]. No workarounds are documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ImageMagick/ImageMagick (description)
- Range: <7.0.8-50
- osv-coords, 10 versions:
  - pkg:apk/chainguard/imagemagick-6
  - pkg:apk/chainguard/imagemagick-6-dev
  - pkg:apk/chainguard/imagemagick-6-doc
  - pkg:apk/chainguard/imagemagick-6-static
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 7.0.7.34-lp151.7.9.1
- (no CPE) range: < 7.0.7.34-lp151.7.9.1
- (no CPE) range: < 7.0.7.34-3.67.1
- (no CPE) range: < 7.0.7.34-3.67.1
- (no CPE) range: < 7.0.7.34-3.67.1
- (no CPE) range: < 7.0.7.34-3.67.1
Patches
No patches discovered yet.
References
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html (mitre, vendor-advisory, x_refsource_SUSE)
- github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891 (mitre, x_refsource_MISC)
- github.com/ImageMagick/ImageMagick/issues/1602 (mitre, x_refsource_MISC)
- support.f5.com/csp/article/K03512441 (mitre, x_refsource_CONFIRM)