Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| imagemagick | fixed | 8:7.1.2.16+dfsg1-1 | package |
Примечания
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4
https://github.com/ImageMagick/ImageMagick/commit/7936d9c7bec4bd459a8d4b5304a1a6fbf7dac0ea (7.1.2-16)
https://github.com/ImageMagick/ImageMagick6/commit/fa85920aa28ee1887cc3c5d7d5272b3650d3b168 (6.9.13-41)
EPSS
Связанные уязвимости
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
A flaw was found in ImageMagick. An overflow on 32-bit systems in the SFW decoder can lead to a crash when processing extremely large images. This vulnerability could allow an attacker to cause a Denial of Service (DoS) by providing a specially crafted large image.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder
EPSS