Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-25664

Опубликовано: 08 дек. 2020
Источник: nvd
CVSS3: 6.1
CVSS2: 5.8
EPSS Низкий

Описание

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия до 6.9.10-68 (исключая)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия от 7.0.8 (включая) до 7.0.8-68 (исключая)
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

EPSS

Процентиль: 25%
0.00087
Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-122

Связанные уязвимости

ubuntu логотип

CVE-2020-25664

CVSS3: 6.1
ubuntu
около 5 лет назад

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.

redhat логотип

CVE-2020-25664

CVSS3: 6.1
redhat
больше 6 лет назад

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.

debian логотип

CVE-2020-25664

CVSS3: 6.1
debian
около 5 лет назад

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper ca ...

github логотип

GHSA-c5hg-hx4v-7q6w

github
больше 3 лет назад

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.

suse-cvrf логотип

SUSE-SU-2021:14598-1

suse-cvrf
около 5 лет назад

Security update for ImageMagick

EPSS

Процентиль: 25%
0.00087
Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-122