Описание
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| imagemagick | not-affected | package |
Примечания
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827
https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c1a5aa3f4214ad6e4748de84dad44398959014e1
https://github.com/ImageMagick/ImageMagick/issues/1641
vulnerable code introduced in
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/edb32b1780e23c76b5d6dd735f89959a0b7e3867
EPSS
Связанные уязвимости
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
ELSA-2020-1180: ImageMagick security, bug fix, and enhancement update (MODERATE)
EPSS