CVE-2019-17540
Description
Heap-based buffer overflow in ImageMagick's ReadPSInfo function before 7.0.8-54 allows denial of service or potential code execution via a crafted PostScript file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap-based buffer overflow exists in the ReadPSInfo function in coders/ps.c of ImageMagick before version 7.0.8-54. The flaw is triggered when processing a specially crafted PostScript file, leading to memory corruption [1][2].
Exploitation
An attacker can exploit this vulnerability by supplying a malicious PostScript file that, when processed by ImageMagick, causes a heap overflow. No authentication or special privileges are required; user interaction (e.g., opening the file) is sufficient to trigger the bug [1].
Impact
Successful exploitation results in a heap-based buffer overflow, which can lead to a denial of service (crash) or, potentially, arbitrary code execution in the context of the user running ImageMagick [1][2].
Mitigation
Upgrade to ImageMagick version 7.0.8-54 or later. The fix was introduced in the commits shown in reference [1]. Debian distributions (bullseye, bookworm, trixie, sid) have released updated packages [2]. If upgrading is not immediately possible, avoid processing untrusted PostScript files with ImageMagick.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ImageMagick/ImageMagick
  - Range: < 7.0.8-54
  - OSV coordinates (11 versions, none with a CPE), each with its fixed-version range:
    - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.3: < 7.0.7.34-150200.10.31.1
    - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.4: < 7.0.7.34-150200.10.31.1
    - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS: < 7.0.7.34-150000.3.123.1
    - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3: < 7.0.7.34-150200.10.31.1
    - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3: < 7.0.7.34-150200.10.31.1
    - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5: < 6.8.8.1-71.177.1
    - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS: < 7.0.7.34-150000.3.123.1
    - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5: < 6.8.8.1-71.177.1
    - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1: < 7.0.7.34-150000.3.123.1
    - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5: < 6.8.8.1-71.177.1
    - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5: < 6.8.8.1-71.177.1
Patches
1 file changed · +1 −1
ChangeLog+1 −1 modified@@ -1,5 +1,5 @@ 2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...> - * Release ImageMagick version 7.0.8-54, GIT revision 15911:853b9dc:20190716. + * Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716. 2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...> * resolve division by zero (reference
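Review bot: this hunk changes only the GIT revision on the 7.0.8-54 release line of ChangeLog (15911:853b9dc to 15916:e868e22); the ReadPSInfo change in coders/ps.c that the advisory attributes to this release is not in the visible diff, and no ChangeLog entry mentions the heap-overflow fix, so the CVE cannot be tied to this commit from the patch alone. Suggest adding a ChangeLog line that names the coders/ps.c fix, and treating the full 7.0.8-53...7.0.8-54 compare range from the references as the authoritative patch.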
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- bugs.chromium.org/p/oss-fuzz/issues/detail (MISC)
- bugs.debian.org/cgi-bin/bugreport.cgi (MISC)
- github.com/ImageMagick/ImageMagick/compare/7.0.8-53...7.0.8-54 (MISC)
- github.com/ImageMagick/ImageMagick/compare/master%40%7B2019-07-15%7D...master%40%7B2019-07-17%7D (MISC)
- security-tracker.debian.org/tracker/CVE-2019-17540 (MISC)
News mentions
No linked articles in our index yet.