Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-25665

Опубликовано: 04 окт. 2019
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.

A flaw was found in the PALM image coder at coders/palm.c where it makes an improper call to AcquireQuantumMemory() in the WritePALMImage() routine because it needs to be offset by 256. This issue causes an out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). The highest threat from this vulnerability is to system availability.

Отчет

This flaw is out of support scope for Red Hat Enterprise Linux 5, 6, and 7. Inkscape is not affected because it no longer uses a bundled ImageMagick in Red Hat Enterprise Linux 8. For more information regarding support scopes, please see https://access.redhat.com/support/policy/updates/errata .

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ImageMagickOut of support scope
Red Hat Enterprise Linux 6ImageMagickOut of support scope
Red Hat Enterprise Linux 7ImageMagickOut of support scope
Red Hat Enterprise Linux 8inkscapeNot affected
Red Hat Enterprise Linux 9ImageMagickAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1891606ImageMagick: heap-based buffer overflow in WritePALMImage in coders/palm.c

EPSS

Процентиль: 54%
0.00313
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-25665

CVSS3: 5.5
ubuntu
около 5 лет назад

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.

nvd логотип

CVE-2020-25665

CVSS3: 5.5
nvd
около 5 лет назад

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.

debian логотип

CVE-2020-25665

CVSS3: 5.5
debian
около 5 лет назад

The PALM image coder at coders/palm.c makes an improper call to Acquir ...

github логотип

GHSA-jrw9-9g4g-6hxf

CVSS3: 5.5
github
больше 3 лет назад

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.

fstec логотип

BDU:2021-03427

CVSS3: 5.3
fstec
больше 6 лет назад

Уязвимость кодировщика изображений PALM консольного графического редактора ImageMagick, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 54%
0.00313
Низкий

5.5 Medium

CVSS3

Уязвимость CVE-2020-25665