Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-25663

Опубликовано: 08 дек. 2020
Источник: nvd
CVSS3: 5.5
CVSS2: 4.3
EPSS Низкий

Описание

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия до 7.0.8-56 (исключая)

EPSS

Процентиль: 38%
0.0017
Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2020-25663

CVSS3: 5.5
ubuntu
около 5 лет назад

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.

redhat логотип

CVE-2020-25663

CVSS3: 4.7
redhat
больше 6 лет назад

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.

debian логотип

CVE-2020-25663

CVSS3: 5.5
debian
около 5 лет назад

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of ...

github логотип

GHSA-h549-4pw3-34x9

github
больше 3 лет назад

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.

EPSS

Процентиль: 38%
0.0017
Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416