{"id":"CVE-2019-13308","details":"ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.","modified":"2026-04-11T08:55:55.911667Z","published":"2019-07-05T01:15:10.750Z","related":["SUSE-SU-2019:2010-1","SUSE-SU-2019:2106-1","openSUSE-SU-2019:1983-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4192-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4712"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/61135001a625364e29bdce83832f043eebde7b5a"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/issues/1595"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"61135001a625364e29bdce83832f043eebde7b5a"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"fixed":"19651f3db63fa1511ed83a348c4c82fa553f8d01"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"61135001a625364e29bdce83832f043eebde7b5a"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"fixed":"19651f3db63fa1511ed83a348c4c82fa553f8d01"}]}],"versions":["6.9.10-0","6.9.10-1","6.9.10-10","6.9.10-11","6.9.10-12","6.9.10-13","6.9.10-14","6.9.10-15","6.9.10-16","6.9.10-17","6.9.10-18","6.9.10-19","6.9.10-2","6.9.10-20","6.9.10-21","6.9.10-22","6.9.10-23","6.9.10-24","6.9.10-25","6.9.10-26","6.9.10-27","6.9.10-28","6.9.10-29","6.9.10-3","6.9.10-30","6.9.10-31","6.9.10-32","6.9.10-33","6.9.10-34","6.9.10-35","6.9.10-36","6.9.10-37","6.9.10-38","6.9.10-39","6.9.10-4","6.9.10-40","6.9.10-41","6.9.10-42","6.9.10-43","6.9.10-44","6.9.10-45","6.9.10-46","6.9.10-47","6.9.10-48","6.9.10-49","6.9.10-5","6.9.10-6","6.9.10-7","6.9.10-8","6.9.10-9","6.9.4-0","6.9.4-1","6.9.4-10","6.9.4-2","6.9.4-3","6.9.4-4","6.9.4-5","6.9.4-6","6.9.4-7","6.9.4-8","6.9.4-9","6.9.5-0","6.9.5-1","6.9.5-10","6.9.5-2","6.9.5-3","6.9.5-4","6.9.5-5","6.9.5-6","6.9.5-7","6.9.5-8","6.9.5-9","6.9.6-0","6.9.6-1","6.9.6-2","6.9.6-3","6.9.6-4","6.9.6-5","6.9.6-6","6.9.6-7","6.9.6-8","6.9.7-0","6.9.7-1","6.9.7-10","6.9.7-2","6.9.7-3","6.9.7-4","6.9.7-5","6.9.7-6","6.9.7-7","6.9.7-8","6.9.7-9","6.9.8-0","6.9.8-1","6.9.8-10","6.9.8-2","6.9.8-3","6.9.8-4","6.9.8-5","6.9.8-6","6.9.8-7","6.9.8-8","6.9.8-9","6.9.9-0","6.9.9-1","6.9.9-10","6.9.9-11","6.9.9-12","6.9.9-13","6.9.9-14","6.9.9-15","6.9.9-17","6.9.9-18","6.9.9-19","6.9.9-2","6.9.9-20","6.9.9-21","6.9.9-22","6.9.9-23","6.9.9-24","6.9.9-25","6.9.9-26","6.9.9-27","6.9.9-28","6.9.9-29","6.9.9-3","6.9.9-30","6.9.9-31","6.9.9-32","6.9.9-33","6.9.9-34","6.9.9-35","6.9.9-36","6.9.9-37","6.9.9-38","6.9.9-39","6.9.9-4","6.9.9-40","6.9.9-41","6.9.9-42","6.9.9-43","6.9.9-44","6.9.9-45","6.9.9-46","6.9.9-47","6.9.9-48","6.9.9-49","6.9.9-5","6.9.9-50","6.9.9-51","6.9.9-6","6.9.9-7","6.9.9-8","6.9.9-9","7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-10","7.0.2-2","7.0.2-3","7.0.2-4","7.0.2-5","7.0.2-6","7.0.2-7","7.0.2-8","7.0.2-9","7.0.3-0","7.0.3-1","7.0.3-10","7.0.3-2","7.0.3-3","7.0.3-4","7.0.3-5","7.0.3-6","7.0.3-7","7.0.3-8","7.0.3-9","7.0.4-0","7.0.4-1","7.0.4-10","7.0.4-2","7.0.4-3","7.0.4-4","7.0.4-5","7.0.4-6","7.0.4-7","7.0.4-8","7.0.4-9","7.0.5-0","7.0.5-1","7.0.5-10","7.0.5-2","7.0.5-3","7.0.5-4","7.0.5-5","7.0.5-6","7.0.5-7","7.0.5-8","7.0.5-9","7.0.6-0","7.0.6-1","7.0.6-2","7.0.6-3","7.0.6-4","7.0.6-5","7.0.6-6","7.0.6-7","7.0.6-8","7.0.6-9","7.0.7-0","7.0.7-1","7.0.7-10","7.0.7-11","7.0.7-12","7.0.7-13","7.0.7-14","7.0.7-15","7.0.7-16","7.0.7-17","7.0.7-18","7.0.7-19","7.0.7-2","7.0.7-20","7.0.7-21","7.0.7-22","7.0.7-23","7.0.7-24","7.0.7-25","7.0.7-26","7.0.7-27","7.0.7-28","7.0.7-29","7.0.7-3","7.0.7-30","7.0.7-31","7.0.7-32","7.0.7-33","7.0.7-34","7.0.7-35","7.0.7-36","7.0.7-37","7.0.7-38","7.0.7-39","7.0.7-4","7.0.7-5","7.0.7-6","7.0.7-8","7.0.7-9","7.0.7.7","7.0.8-0","7.0.8-1","7.0.8-10","7.0.8-11","7.0.8-12","7.0.8-13","7.0.8-14","7.0.8-15","7.0.8-16","7.0.8-17","7.0.8-18","7.0.8-19","7.0.8-2","7.0.8-20","7.0.8-21","7.0.8-22","7.0.8-23","7.0.8-24","7.0.8-25","7.0.8-26","7.0.8-27","7.0.8-28","7.0.8-29","7.0.8-3","7.0.8-30","7.0.8-31","7.0.8-32","7.0.8-33","7.0.8-34","7.0.8-35","7.0.8-36","7.0.8-37","7.0.8-38","7.0.8-39","7.0.8-4","7.0.8-40","7.0.8-41","7.0.8-42","7.0.8-43","7.0.8-44","7.0.8-45","7.0.8-46","7.0.8-47","7.0.8-48","7.0.8-49","7.0.8-5","7.0.8-6","7.0.8-7","7.0.8-8","7.0.8-9"],"database_specific":{"vanir_signatures":[{"target":{"file":"MagickCore/fourier.c"},"signature_type":"Line","id":"CVE-2019-13308-19c5f34e","digest":{"threshold":0.9,"line_hashes":["204855518540605257902283925169005303251","42861567429426368169022482558514866964","316463807009397722747100028080474955025","34141689287914964274372476523482677407","179320657494646854609104871005601341794","173758702093292735191981648911980462775","99752428333817084800308151890671910003","29163484896344491268682491804623468793","107652872086716590109850256437849295974","190810793818217649094732137235242445008","26265444806122912764508956260708242969","96824634526532411266622069132811761085","109219590298702621787289432604726821464","59539745964977549434164764237636862278","338075758582012979410755927414977063648","41100469283919380442516774300016728027","14274638297244796301561301801048121835","1346195874803581634593592174753467236","101970012275507157161343600419076049164","225170693079892299591325859295653798305","168872497985993016499181170130591779777","85314051234581769881152407877404374281","238384519482087803075356364699861305532","133511161709855471928431577682158868276","61900544740153858470197877298765615622","185367421167360924780478875715431334556","194519165576095248654276699843055342931","104484008066855009905447896469744264099","129181426106341375392313564444173127550","124259577514708124869594178319239535576","151457405699671475286066877563771946979","144167856962957231798669434004757330640","177099874243922697515715136260882293965","197268606770119260352876485812228176651","141169827760083475997040647204672557624","137990065375121532675418875146039485711","140488117081442701355408843184119750389","264426976117535494056255660406870104225","320414727084629562356437667276407165841","283686096012942358188799134499624346307","261190338311896970308882835667373186050","253358096993178581629689249722180143650","55087866933666419462958341516034557861"]},"signature_version":"v1","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/61135001a625364e29bdce83832f043eebde7b5a"},{"target":{"file":"coders/gif.c","function":"EncodeImage"},"signature_type":"Function","id":"CVE-2019-13308-42af0af9","digest":{"length":4310,"function_hash":"33931252725165565613186056870151868976"},"signature_version":"v1","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/61135001a625364e29bdce83832f043eebde7b5a"},{"target":{"file":"coders/gif.c"},"signature_type":"Line","id":"CVE-2019-13308-4a95e158","digest":{"threshold":0.9,"line_hashes":["51265213738129900670983773164793214695","81932849727788259817474639077344929438","202493460008061285440777688819823790655","274011465273690390802395305795430587458","42958763780120766151125892315889608833","289633531119074287216877021538400579867","260748331486626821987052014007331367995","326829304697580273146974462797135851627","152046412971312646860870762022768493029","253110534144820167883102970666764545297"]},"signature_version":"v1","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/61135001a625364e29bdce83832f043eebde7b5a"},{"target":{"file":"coders/gif.c"},"signature_type":"Line","id":"CVE-2019-13308-51a79c55","digest":{"threshold":0.9,"line_hashes":["312676134096742577456155797415400824539","263880397537373279323969257231176564402","289468913310928642209275437998073633435","233313884626493963646107645801449611724","184735614131739066661216850524668391918","289633531119074287216877021538400579867","260748331486626821987052014007331367995","326829304697580273146974462797135851627","152046412971312646860870762022768493029","253110534144820167883102970666764545297"]},"signature_version":"v1","deprecated":false,"source":"https://github.com/imagemagick/imagemagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01"},{"target":{"file":"magick/fourier.c"},"signature_type":"Line","id":"CVE-2019-13308-630abc58","digest":{"threshold":0.9,"line_hashes":["204855518540605257902283925169005303251","42861567429426368169022482558514866964","316463807009397722747100028080474955025","34141689287914964274372476523482677407","147347026764331910486453655722995402959","257669801299585565538710655994263791172","99752428333817084800308151890671910003","29163484896344491268682491804623468793","107652872086716590109850256437849295974","190810793818217649094732137235242445008","26265444806122912764508956260708242969","96824634526532411266622069132811761085","109219590298702621787289432604726821464","59539745964977549434164764237636862278","338075758582012979410755927414977063648","41100469283919380442516774300016728027","85788140239053774549133054006511979845","1346195874803581634593592174753467236","101970012275507157161343600419076049164","52442059370520122837133555852547210595","89599253478848702837507220757011058410","229751752464947588980997788668753511848","109396752116180155450074321816263913101","121167845776397517091214714339466688724","299941689460385740278053429127642971895","9218337211351167779240950003264589540","193840190353304828683962069134253558971","131233439779305300821859889358944137844","34771106716821833227499013034348992701","242519257736899510145308885500177336089","140899441734367271783273369145204701925","150197631828063965201538812538032253171","7274261714786753953236607961577139776","68151564054081595953631609569629299600","104432041816042320926819384710513234823","199029747523727048331745600755972408125","211597274307190040847315890977861523617","315987000872165857046684984860097136333","40129342728845590138858552383370796562","114014120180802196150804989241661654055","35655181167572263108658721980771996992","281716322093556160994461673560439156094","144167856962957231798669434004757330640","267263940606682168856191289835369015826","247320075899595793331289950992957793954","39575066707967683308435464315975940711","245326719199657678918934654757059845688","268201294096370909952993027485249158477","1719628054322737832953244444713660597","31017036546838889520887546898893181080","273029567993885912317242721176392887529","280276453120141588065794383494732263029","69153351208833517134873150535204937487","309179247390394611246601654277152457174","106081431460619420489036855055808562615","147205169920753026727668399078341314603","115810277785187379641428624315068151863","264426976117535494056255660406870104225","1956861741119608409503144852652620758","258534126716610613942896164754524940033","39754924660149046828434119007418414590","20856134721760464821392471836221487378","13599703049831916707618497556149873283","23093876298056051744790383094973800317","62891834797799597672183332468890786076","239131528209251227722446095838485812662","262030589581082962909391904898385231852","108115491142019281586989554949507664518","29765086485364717181857603970001617590","274684541881731299538157714378565050678","14084208424232788791053175583030712508","95079844592433458298494708950850725695","35655181167572263108658721980771996992","290459076129918909747009991249417078188","78381716539199803907582123697471383251","108914324286277532147276259333448207872","31758996102110635863483399684393359520"]},"signature_version":"v1","deprecated":false,"source":"https://github.com/imagemagick/imagemagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01"},{"target":{"file":"coders/gif.c","function":"EncodeImage"},"signature_type":"Function","id":"CVE-2019-13308-876c9336","digest":{"length":4316,"function_hash":"226445849686176582541854568315158567184"},"signature_version":"v1","deprecated":false,"source":"https://github.com/imagemagick/imagemagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01"},{"target":{"file":"MagickCore/fourier.c","function":"ComplexImages"},"signature_type":"Function","id":"CVE-2019-13308-da6f6603","digest":{"length":5237,"function_hash":"129840852347536517076606017562538219303"},"signature_version":"v1","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/61135001a625364e29bdce83832f043eebde7b5a"},{"target":{"file":"magick/fourier.c","function":"ComplexImages"},"signature_type":"Function","id":"CVE-2019-13308-ef2e47ca","digest":{"length":8306,"function_hash":"160470678576527977205870056738425652361"},"signature_version":"v1","deprecated":false,"source":"https://github.com/imagemagick/imagemagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0.8-50-q16"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"vanir_signatures_modified":"2026-04-11T08:55:55Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13308.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}