ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
{ "vanir_signatures": [ { "id": "CVE-2019-13300-139fb28e", "digest": { "length": 747.0, "function_hash": "228812267530548108994259829563273804226" }, "signature_version": "v1", "target": { "file": "MagickCore/statistic.c", "function": "AcquirePixelThreadSet" }, "deprecated": false, "signature_type": "Function", "source": "https://github.com/imagemagick/imagemagick/commit/a906fe9298bf89e01d5272023db687935068849a" }, { "id": "CVE-2019-13300-276b9984", "digest": { "threshold": 0.9, "line_hashes": [ "252911716743151139455035565016929371968", "309341004518195730195469861442816888088", "164132780689456967811638868753689149897", "175249574639010171353232524016869044002", "114934000580612516692918090456565311141", "279248044140421932361236121382495551644", "194424493273373157340165781447095563707", "51002708200927542926788754763346173198", "71373475015903103516817991520481381933", "326394045144129747231328685586249213587", "244443250456403565948921814480436841205", "1729844479563129291993343509158009233", "105031928220059508872248359991005569637", "3631098280522503122377173355729170829", "195847460391061561672363238553298714060", "87750882753235097516960411572693252310", "166173866116574806599042939084498108081", "174646663388914269225933333337863684316", "9119553341221799828555580974753929021", "104848473190355628660223825979748549214", "329823126475929851177367055559346891950" ] }, "signature_version": "v1", "target": { "file": "magick/statistic.c" }, "deprecated": false, "signature_type": "Line", "source": "https://github.com/imagemagick/imagemagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450" }, { "id": "CVE-2019-13300-39eaba4a", "digest": { "length": 656.0, "function_hash": "48022743420180881138809750424752004697" }, "signature_version": "v1", "target": { "file": "magick/statistic.c", "function": "AcquirePixelThreadSet" }, "deprecated": false, "signature_type": "Function", "source": "https://github.com/imagemagick/imagemagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450" }, { "id": "CVE-2019-13300-954ea040", "digest": { "threshold": 0.9, "line_hashes": [ "288779304326718317062053064957129179080", "189813899117259398132115156559001924602", "330452087667542247883026787037584236208", "232576825136020337012023673208216554687", "283160991720775298453801885574982923136", "247780578090208168983063045392345896227", "66311713142004892962861753386319691166", "136293031014594701419736745752646789778", "318672019652926984959938208451195130227", "180510603992647546579305887327561640057", "336827164886706935117649695836113635849", "8135538768822023337923777209369657586", "120847633254663005948593247087623327634", "279878274855968029922299685470369274421", "86085154396923948258426607642809007462", "130973616844684321886652766044534516136", "230760603093439976837858997136454497028", "90176785563132328011414679393034191733", "209244748260447726772692797546745121712", "151170877836598283099662940730705020310", "43024874114231976877746899648516279005", "11593819780816764656933681157741427887" ] }, "signature_version": "v1", "target": { "file": "MagickCore/statistic.c" }, "deprecated": false, "signature_type": "Line", "source": "https://github.com/imagemagick/imagemagick/commit/a906fe9298bf89e01d5272023db687935068849a" } ] }