Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
A flaw was found in ImageMagick. A remote attacker can exploit a signed integer overflow vulnerability in the SIXEL decoder by providing a maliciously crafted SIXEL image file. This vulnerability occurs during buffer reallocation operations and can lead to memory corruption and a denial of service (DoS) condition.
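As an added illustration of the bug class the description names (this is constructed demo code, not ImageMagick's decoder or its patch): a pixel byte offset computed in signed 32-bit arithmetic wraps before the "grow the buffer" check sees it, while a size_t version with explicit overflow checks and a caller-chosen resource limit rejects the same input before any reallocation or write. The names `weak_pixel_offset`, `safe_pixel_offset`, `pixbuf` and the dimensions used are assumptions for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Weak pattern: the offset y*width+x is computed in a signed 32-bit int.
 * 32768 * 65536 is 2^31, which does not fit.  Real signed overflow is
 * undefined behaviour, so the wrap is emulated through uint32_t here to
 * keep the demo deterministic; the conversion back to int32_t is the
 * two's-complement result gcc/clang produce.  A later "offset >= capacity"
 * test then trusts a negative or far-too-small index. */
static int32_t weak_pixel_offset(int32_t width, int32_t x, int32_t y)
{
    uint32_t wrapped = (uint32_t)y * (uint32_t)width + (uint32_t)x;
    return (int32_t)wrapped;            /* (65536, 0, 32768) -> INT32_MIN */
}

/* Hardened form: reject impossible geometry, do the arithmetic in size_t
 * with explicit overflow detection, and enforce a policy limit on top.
 * Returns 0 and sets *out, or -1 if the input is rejected. */
static int safe_pixel_offset(int64_t width, int64_t x, int64_t y,
                             size_t limit, size_t *out)
{
    size_t off;
    if (width <= 0 || x < 0 || y < 0 || x >= width)
        return -1;
    if (__builtin_mul_overflow((size_t)y, (size_t)width, &off) ||
        __builtin_add_overflow(off, (size_t)x, &off))
        return -1;                      /* would wrap even in size_t */
    if (off >= limit)
        return -1;                      /* exceeds the resource limit */
    *out = off;
    return 0;
}

typedef struct { unsigned char *data; size_t capacity; } pixbuf;

/* Grow the buffer so byte index `needed` is addressable (doubling, with the
 * doubling itself overflow-checked).  Returns 0 on success. */
static int pixbuf_ensure(pixbuf *b, size_t needed)
{
    if (needed < b->capacity) return 0;
    size_t ncap = b->capacity ? b->capacity : 64;
    while (ncap <= needed)
        if (__builtin_mul_overflow(ncap, (size_t)2, &ncap)) return -1;
    unsigned char *p = realloc(b->data, ncap);
    if (p == NULL) return -1;
    b->data = p; b->capacity = ncap;
    return 0;
}

/* Decoder-style write that touches memory only after both checks pass. */
static int checked_put_pixel(pixbuf *b, int64_t width, int64_t x, int64_t y,
                             size_t limit, unsigned char v)
{
    size_t off;
    if (safe_pixel_offset(width, x, y, limit, &off) != 0) return -1;
    if (pixbuf_ensure(b, off) != 0) return -1;
    b->data[off] = v;
    return 0;
}
```

The same oversized geometry that wraps in `weak_pixel_offset` is refused by `checked_put_pixel` before `realloc` is ever called, which is the property a decoder needs in order to turn a crafted file into a clean decode error rather than memory corruption.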
Report
This MODERATE impact vulnerability in ImageMagick's SIXEL decoder can lead to memory corruption and denial of service. It affects Red Hat Enterprise Linux 6 ELS and 7 ELS when processing a specially crafted SIXEL image file. Exploitation requires an attacker to provide a malicious image for processing.
Mitigation
To mitigate this vulnerability, avoid processing untrusted SIXEL image files with ImageMagick. If ImageMagick is used in an environment where it processes external or untrusted input, consider implementing sandboxing mechanisms to limit the potential impact of a successful exploit.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption