Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue.
A flaw was found in ImageMagick. The BilateralBlurImage method improperly initializes a memory buffer. This can lead to the release of an invalid pointer if memory allocation fails. A remote attacker could exploit this vulnerability to cause a Denial of Service (DoS) by providing a specially crafted image, leading to application instability or crashes.
Отчет
This vulnerability is rated Moderate for Red Hat products as it affects ImageMagick, a widely used image processing library. A flaw in the BilateralBlurImage method can lead to a release of an invalid pointer when memory allocation fails, potentially resulting in a denial of service. This issue impacts Red Hat Enterprise Linux 6 ELS, 7 ELS, and Community Projects like EPEL and Fedora.
Меры по смягчению последствий
To mitigate this issue, avoid processing untrusted image files with ImageMagick. If ImageMagick is used in an automated or server-side context, consider implementing sandboxing mechanisms to limit the impact of potential exploitation. Restricting the sources of images processed by ImageMagick to trusted origins can also reduce exposure.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue.
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue.
ImageMagick is free and open-source software used for editing and mani ...
ImageMagick releases an invalid pointer in BilateralBlur when memory allocation fails
Уязвимость метода BilateralBlurImage функции AcquireBilateralTLS() консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3