Description
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8.
A vulnerability in ImageMagick’s CLAHEImage() function (in MagickCore/enhance.c) allows a zero tile width or height to trigger unsigned integer underflow and division-by-zero conditions. When tile_info.height or tile_info.width becomes zero, pointer arithmetic using these values can result in out-of-bounds memory access, memory corruption, or excessive resource consumption, leading to a denial-of-service (DoS).
Statement
This vulnerability is rated as Moderate because its primary impact is limited to denial-of-service (DoS) rather than data compromise or code execution. Although the flaw involves unsafe pointer arithmetic and division-by-zero conditions, the exploitability is constrained — it requires user interaction or crafted input (e.g., using -clahe 0x0! or very small images) to trigger. The resulting outcome is typically a process crash or resource exhaustion without any proven path to memory corruption exploitation or remote code execution. Moreover, the issue occurs in a non-default processing path (CLAHE filter), reducing its overall exposure. Therefore, despite the presence of out-of-bounds behavior, the lack of confidentiality or integrity impact justifies a Moderate rather than Important severity rating.
Mitigation
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. The risk can be reduced by disabling or restricting the use of the CLAHE feature in environments that process untrusted images. Administrators can update policy.xml or application logic to block the -clahe option, reject inputs specifying zero or very small tile dimensions, and enforce strict memory and CPU limits on ImageMagick processes.
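The defect class described above, and the kind of tile-size check application logic can apply before handing dimensions to an image library, shown as an added example. This is not ImageMagick's code: `TileLayout`, `last_row_offset_unchecked` and `tile_layout_checked` are hypothetical names, and rejecting tiles larger than the image is an assumed policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical tile layout; field names are illustrative, not ImageMagick's. */
typedef struct { size_t width, height, x_tiles, y_tiles; } TileLayout;

/* The defect class: with an unsigned tile size of 0, "tile - 1" wraps to
   SIZE_MAX, so any offset derived from it lands far outside the buffer. */
size_t last_row_offset_unchecked(size_t tile_height, size_t stride)
{
  return (tile_height - 1) * stride;  /* wraps when tile_height == 0 */
}

/* Hardened form: validate before any subtraction, division or multiply.
   Returns 0 on success, -1 if the request must be rejected. */
int tile_layout_checked(size_t image_w, size_t image_h,
                        size_t tile_w, size_t tile_h, TileLayout *out)
{
  if (out == NULL || image_w == 0 || image_h == 0)
    return -1;
  if (tile_w == 0 || tile_h == 0)               /* blocks underflow and /0 */
    return -1;
  if (tile_w > image_w || tile_h > image_h)     /* assumed policy: reject */
    return -1;
  out->width = tile_w;
  out->height = tile_h;
  /* Ceiling division written so the numerator cannot overflow. */
  out->x_tiles = image_w / tile_w + (image_w % tile_w != 0);
  out->y_tiles = image_h / tile_h + (image_h % tile_h != 0);
  /* Guard the tile-count product that would size an allocation. */
  if (out->x_tiles > SIZE_MAX / out->y_tiles)
    return -1;
  return 0;
}

int main(void)
{
  TileLayout t;
  /* Constructed inputs: a 640x480 image with a zero tile, then 64x64. */
  printf("unchecked offset for zero tile: %zu\n",
         last_row_offset_unchecked(0, 4));
  printf("0x0 tile accepted? %s\n",
         tile_layout_checked(640, 480, 0, 0, &t) == 0 ? "yes" : "no");
  if (tile_layout_checked(640, 480, 64, 64, &t) == 0)
    printf("64x64 tiles: %zu x %zu\n", t.x_tiles, t.y_tiles);
  return 0;
}
```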
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Fix deferred | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 4.7 Medium