Description
ImageMagick is free and open-source software used for editing and manipulating digital images. WriteUHDRImage in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit int, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out-of-bounds heap write. Version 7.1.2-15 contains a patch.
A flaw was found in ImageMagick. When processing images with large dimensions, the WriteUHDRImage function in coders/uhdr.c uses integer arithmetic that can overflow. This overflow leads to an undersized memory allocation, followed by an out-of-bounds write. A remote attacker could exploit this vulnerability by providing a specially crafted image, potentially causing a denial of service or, in some cases, arbitrary code execution.
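The pattern described above, as an added illustration rather than ImageMagick's own code: a size computation done in 32-bit arithmetic wraps for large dimensions, while the hardened form multiplies in size_t, checks each step for overflow and rejects anything that would not fit the int-typed lengths used downstream. Function names, the 3-bytes-per-pixel value and the dimensions used are assumptions for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <limits.h>

/* Constructed illustration of the flawed pattern (not ImageMagick's code):
 * the byte count is computed in 32-bit arithmetic, so a large width*height
 * wraps and the allocation that follows is far too small for the pixels
 * later written into it. uint32_t is used so the wrap is defined and
 * observable; a signed int wraps the same way in practice. */
static uint32_t naive_buffer_size(uint32_t width, uint32_t height,
                                  uint32_t bytes_per_pixel)
{
  return width * height * bytes_per_pixel;   /* wraps silently */
}

/* Hardened form: compute in size_t, check every multiplication before
 * performing it, and refuse sizes that exceed INT_MAX because the
 * surrounding code still carries lengths in int. Returns false when the
 * requested dimensions cannot be allocated safely. */
static bool checked_buffer_size(size_t width, size_t height,
                                size_t bytes_per_pixel, size_t *out)
{
  size_t pixels, bytes;

  if (width == 0 || height == 0 || bytes_per_pixel == 0)
    return false;
  if (width > SIZE_MAX / height)
    return false;                 /* width * height would overflow */
  pixels = width * height;
  if (pixels > SIZE_MAX / bytes_per_pixel)
    return false;                 /* pixels * bytes_per_pixel would overflow */
  bytes = pixels * bytes_per_pixel;
  if (bytes > (size_t) INT_MAX)
    return false;                 /* would truncate in an int-typed length */
  *out = bytes;
  return true;
}
```

With a constructed 65536 x 65536 image at 3 bytes per pixel the naive computation yields 0 bytes, exactly the undersized allocation the advisory describes, whereas the checked version refuses the request.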
Report
This IMPORTANT heap-buffer-overflow vulnerability in ImageMagick's WriteUHDRImage function can lead to a denial of service or potentially arbitrary code execution when processing specially crafted UHDR images with excessively large dimensions. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected by this flaw, which occurs due to a signed integer overflow during pixel buffer size calculation.
Mitigation
To mitigate this vulnerability, avoid processing untrusted or maliciously crafted UHDR image files with ImageMagick. Limiting the exposure of ImageMagick to untrusted input can reduce the risk of exploitation.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Affected | | |
Additional information
Status:
CVSS3: 8.2 High
Related vulnerabilities
ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions (CVSS3: 8.2 High)