Unrated severity · NVD Advisory · Published Dec 24, 2019 · Updated Aug 5, 2024

CVE-2019-19951

Description

Heap-based buffer overflow in GraphicsMagick 1.4 snapshot-20190423 Q8's ImportRLEPixels function in coders/miff.c allows arbitrary code execution via a crafted MIFF file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap-based buffer overflow exists in the ImportRLEPixels function in coders/miff.c of GraphicsMagick 1.4 snapshot-20190423 Q8. The vulnerability occurs during processing of Run-Length Encoded (RLE) MIFF images, leading to a write beyond the allocated heap buffer [1].

Exploitation

An attacker can trigger the overflow by supplying a crafted MIFF image file to the `gm convert` command. No special privileges are required; the victim must only open the malicious file with GraphicsMagick [1].

Impact

Successful exploitation of the heap overflow could allow an attacker to corrupt adjacent heap memory, potentially leading to arbitrary code execution. The bug report confirms a heap-buffer-overflow write of size 1, indicating a memory corruption vulnerability [1].

Mitigation

As of the reference, no official patch has been released. Users are advised to restrict processing of untrusted MIFF files or disable MIFF support using policy files. A more recent version of GraphicsMagick, if available, may include a fix [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 4

Patches: 0. No patches discovered yet.

Vulnerability mechanics

Root cause

"A heap-based buffer overflow occurs in the ImportRLEPixels function when processing RLE encoded MIFF images."

Attack vector

An attacker can trigger this vulnerability by providing a specially crafted MIFF image file to the GraphicsMagick `gm convert` command. The overflow occurs while the image is being read, when the `ImportRLEPixels` function reads RLE encoded pixel data. The result is a crash or, if the overflow is exploited, potentially arbitrary code execution.

Affected code

The vulnerability resides in the `ImportRLEPixels` function located in the file `coders/miff.c` [1]. The stack trace indicates that this function is reached during image reading: it is called from `ReadMIFFImage`, which is in turn called by `ReadImage`.

What the fix does

The advisory does not provide a patch or specific remediation steps. Because the vulnerability is located in the `ImportRLEPixels` function within `coders/miff.c`, a fix would likely involve ensuring that the RLE data being written does not exceed the boundaries of the allocated buffer, which would prevent the heap-based buffer overflow.
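The kind of bounds check described above, as an added C sketch: this is not GraphicsMagick's code and not the actual fix. The packet layout (three 8-bit colour bytes plus one length byte, expanding to length + 1 pixels) and the names `rle_decode_row` and `demo_single_packet` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed, simplified packet layout (illustration, not the project's code):
 * 3 colour bytes (R, G, B, 8 bits each) then 1 length byte; a packet
 * expands to length + 1 identical pixels. */
enum { PKT_SIZE = 4, PIXEL_SIZE = 3 };
typedef enum { RLE_OK = 0, RLE_TRUNCATED = -1, RLE_OVERRUN = -2 } rle_status;

/* Hypothetical helper: expand packets from src into exactly `columns` pixels
 * in dst (dst_size bytes allocated). Fails instead of writing outside dst. */
rle_status rle_decode_row(const uint8_t *src, size_t src_len,
                          uint8_t *dst, size_t dst_size, size_t columns)
{
    size_t written = 0; /* pixels produced so far */
    size_t in = 0;      /* read offset into src */

    if (columns > dst_size / PIXEL_SIZE)   /* row must fit the allocation */
        return RLE_OVERRUN;
    while (written < columns) {
        if (src_len - in < PKT_SIZE)       /* incomplete packet */
            return RLE_TRUNCATED;
        size_t run = (size_t)src[in + 3] + 1;
        if (run > columns - written)       /* run would cross end of row */
            return RLE_OVERRUN;
        for (size_t i = 0; i < run; i++)
            memcpy(dst + (written + i) * PIXEL_SIZE, src + in, PIXEL_SIZE);
        written += run;
        in += PKT_SIZE;
    }
    return RLE_OK;
}

/* Constructed sample: decode one packet with length byte `len` into a
 * 4-pixel row followed by a canary byte. Returns the decoder status, or 99
 * if the canary was overwritten. */
int demo_single_packet(uint8_t len)
{
    uint8_t row[4 * PIXEL_SIZE + 1];
    const uint8_t pkt[PKT_SIZE] = { 0x10, 0x20, 0x30, len };
    row[sizeof row - 1] = 0xA5;
    int st = rle_decode_row(pkt, sizeof pkt, row, sizeof row - 1, 4);
    return row[sizeof row - 1] == 0xA5 ? st : 99;
}
```

The run length is validated against the pixels remaining in the row before any byte is copied, so an oversized length byte is rejected rather than clamped after the fact.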

Preconditions

  • input: The system must process a malicious MIFF image file.
  • config: GraphicsMagick version 1.4 snapshot-20190423 Q8 must be installed.

Reproduction

gm convert ./heap-buffer-overflow_ImportRLEPixels /dev/null

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6
