Описание
ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer
The UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex() before using it as an array subscript. In HDRI builds, Quantum is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash.
Пакеты
Magick.NET-Q16-AnyCPU
< 14.10.3
14.10.3
Magick.NET-Q16-HDRI-AnyCPU
< 14.10.3
14.10.3
Magick.NET-Q16-HDRI-OpenMP-arm64
< 14.10.3
14.10.3
Magick.NET-Q16-HDRI-OpenMP-x64
< 14.10.3
14.10.3
Magick.NET-Q16-HDRI-arm64
< 14.10.3
14.10.3
Magick.NET-Q16-HDRI-x64
< 14.10.3
14.10.3
Magick.NET-Q16-OpenMP-arm64
< 14.10.3
14.10.3
Magick.NET-Q16-OpenMP-x64
< 14.10.3
14.10.3
Magick.NET-Q16-OpenMP-x86
< 14.10.3
14.10.3
Magick.NET-Q16-arm64
< 14.10.3
14.10.3
Magick.NET-Q16-x64
< 14.10.3
14.10.3
Magick.NET-Q16-x86
< 14.10.3
14.10.3
Magick.NET-Q8-AnyCPU
< 14.10.3
14.10.3
Magick.NET-Q8-OpenMP-arm64
< 14.10.3
14.10.3
Magick.NET-Q8-OpenMP-x64
< 14.10.3
14.10.3
Magick.NET-Q8-arm64
< 14.10.3
14.10.3
Magick.NET-Q8-x86
< 14.10.3
14.10.3
Связанные уязвимости
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and mani ...
