Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handlers. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. This heap buffer over-read vulnerability occurs when processing images where the -extract dimensions are larger than the -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. A remote attacker could exploit this vulnerability to potentially disclose sensitive information.
Report
This MODERATE impact vulnerability in ImageMagick is due to a heap buffer over-read when processing images with -extract dimensions larger than -size dimensions. This flaw could lead to out-of-bounds memory reads from a heap-allocated buffer. Red Hat Enterprise Linux and Community Projects are affected if ImageMagick is used to process untrusted image data with these specific parameters.
Mitigation
To mitigate this issue, avoid processing untrusted or malformed image files with ImageMagick. Users should exercise caution when handling images from untrusted sources.
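To find hosts still running an unpatched upstream build, the version banner can be compared against the fixed releases named in the description. The following is an added example, not code from Red Hat or the ImageMagick project; the banner format and the helper names (`parse_version`, `assess`, `local_banner`) are assumptions of this sketch.

```python
import re
import subprocess

# Fixed releases named in the advisory text, keyed by major version.
PATCHED = {7: (7, 1, 2, 15), 6: (6, 9, 13, 40)}

# Upstream builds print e.g. "Version: ImageMagick 7.1.1-43 Q16-HDRI ..."
# (format assumed here).
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, micro, patch) from a -version banner, or None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def assess(banner):
    """Classify a banner as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    fixed = PATCHED.get(version[0])
    if fixed is None:
        return "unknown"  # the advisory only names the 6.x and 7.x branches
    # Tuples compare numerically field by field, so 7.1.2-9 < 7.1.2-15.
    return "patched" if version >= fixed else "vulnerable"


def local_banner():
    """Read the banner from the local install (magick for 7.x, convert for 6.x)."""
    for tool in ("magick", "convert"):
        try:
            out = subprocess.run([tool, "-version"], capture_output=True,
                                 text=True, timeout=10)
        except (FileNotFoundError, subprocess.TimeoutExpired):
            continue
        if "ImageMagick" in out.stdout:
            return out.stdout
    return ""


if __name__ == "__main__":
    print(assess(local_banner()))
```

Distribution packages may carry a backported fix without changing the upstream version number, so the result applies to upstream builds; for packaged installs, check the vendor's errata instead.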
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
Status:
5.1 Medium
CVSS3
Related vulnerabilities
ImageMagick is free and open-source software used for editing and mani ...
ImageMagick: Out of bounds read in multiple coders read raw pixel data
5.1 Medium
CVSS3