{
  "threat_severity" : "Moderate",
  "public_date" : "2019-03-22T00:00:00Z",
  "bugzilla" : {
    "description" : "imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c",
    "id" : "1692300",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1692300"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-121",
  "details" : [ "In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file." ],
  "statement" : "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in the Maintenance Support 2 Phase of the support and maintenance life cycle. This issue has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 6. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-31T00:00:00Z",
    "advisory" : "RHSA-2020:1180",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "autotrace-0:0.31.1-38.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-31T00:00:00Z",
    "advisory" : "RHSA-2020:1180",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "emacs-1:24.3-23.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-31T00:00:00Z",
    "advisory" : "RHSA-2020:1180",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "ImageMagick-0:6.9.10.68-3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-31T00:00:00Z",
    "advisory" : "RHSA-2020:1180",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "inkscape-0:0.92.2-3.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-9956\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9956" ],
  "name" : "CVE-2019-9956",
  "csaw" : false
}