Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. When processing Huffman-coded data from Photo CD (PCD) files, the image decoder contains an incorrect initialization that could lead to an out-of-bounds read. This vulnerability could allow a remote attacker to cause information disclosure or a denial of service.
Отчет
This MODERATE impact vulnerability in ImageMagick involves a heap overflow in the PCD (Photo CD) decoder, leading to an out-of-bounds read when processing Huffman-coded data. An attacker could exploit this by providing a specially crafted PCD file. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected.
Меры по смягчению последствий
To mitigate this issue, restrict ImageMagick's ability to process PCD (Photo CD) files by disabling the PCD coder. This can be done by adding or modifying a policy entry in the ImageMagick configuration file, typically located at /etc/ImageMagick-X/policy.xml (where 'X' is the ImageMagick version). Add the following line within the <policymap> tags:
Applications utilizing ImageMagick may require a restart for this change to take effect. This action will prevent ImageMagick from processing PCD files, which may affect functionality dependent on this format.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and mani ...
ImageMagick: Heap overflow in pcd decoder leads to out of bounds read.
6.5 Medium
CVSS3