Описание
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
An out-of-bounds read was discovered in ImageMagick when writing PNG images. An attacker may abuse this flaw to trick a victim user into downloading a malicious image file and running it through ImageMagick, causing the application to crash.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ImageMagick | Out of support scope | ||
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | ||
| Red Hat Enterprise Linux 7 | autotrace | Fixed | RHSA-2020:1180 | 31.03.2020 |
| Red Hat Enterprise Linux 7 | emacs | Fixed | RHSA-2020:1180 | 31.03.2020 |
| Red Hat Enterprise Linux 7 | ImageMagick | Fixed | RHSA-2020:1180 | 31.03.2020 |
| Red Hat Enterprise Linux 7 | inkscape | Fixed | RHSA-2020:1180 | 31.03.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
Уязвимость функции WritePNGImage консольного графического редактора ImageMagick, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
EPSS
3.3 Low
CVSS3