CVE-2026-30937

Published: 09 Mar 2026
Source: redhat
CVSS3: 6.8

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing an extremely large image, an out-of-bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

A flaw was found in ImageMagick, a software suite for editing and manipulating digital images. An integer overflow vulnerability exists in the XWD (X Windows) encoder when processing extremely large images. This flaw can lead to an undersized memory allocation, resulting in an out-of-bounds write to the heap. A local attacker could exploit this to cause a denial of service (DoS) or potentially impact data integrity.

Report

A MODERATE impact heap buffer overflow exists in ImageMagick's XWD encoder, WriteXWDImage. This flaw occurs when processing extremely large images, leading to an undersized heap buffer allocation and a potential out-of-bounds write. Red Hat products shipping ImageMagick are affected if configured to generate or convert excessively large images into the XWD format.

Mitigation

To mitigate this issue, restrict ImageMagick's processing of untrusted or excessively large XWD image files. Implement input validation to ensure that image dimensions and sizes are within expected operational limits before processing them with ImageMagick.
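As an added illustration of the arithmetic this advisory describes (example code written for this page, not ImageMagick's own code), the following C program contrasts a row-size computation done entirely in the X11 CARD32 type, which wraps modulo 2^32 for very large widths and so leads to an undersized allocation, with a checked version that widens to 64 bits, refuses a row size that would not fit the header field, checks the row-times-height product, and enforces an allocation cap before any memory is requested, which is the dimension validation the mitigation above recommends. The function names, the bitmap_pad rounding step and the max_bytes policy value are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* X11 32-bit unsigned type used for XWD header fields. */
typedef uint32_t CARD32;

/*
 * Illustrative row-size computation in CARD32 (hypothetical, not the
 * ImageMagick code): a pixel row is width * bits_per_pixel bits, rounded
 * up to a multiple of bitmap_pad, then converted to bytes. Every step is
 * 32-bit, so width * bits_per_pixel wraps modulo 2^32 for large widths
 * and a caller that allocates bytes_per_line * height gets far less
 * memory than the rows actually need.
 */
static CARD32 bytes_per_line_card32(CARD32 width, CARD32 bits_per_pixel,
                                    CARD32 bitmap_pad)
{
    CARD32 bits = width * bits_per_pixel;                    /* may wrap */
    CARD32 padded = ((bits + bitmap_pad - 1) / bitmap_pad) * bitmap_pad;
    return padded / 8;
}

/*
 * Hardened version: widen to 64 bits, reject a row size that cannot be
 * stored in the CARD32 header field, check the row * height product for
 * overflow, and apply an explicit allocation cap (max_bytes, a policy
 * value assumed for this example) so that absurd dimensions are refused
 * before any memory is touched. Returns true and sets *out_size only
 * when every check passes.
 */
static bool xwd_buffer_size_checked(uint32_t width, uint32_t height,
                                    uint32_t bits_per_pixel, uint32_t bitmap_pad,
                                    uint64_t max_bytes, uint64_t *out_size)
{
    if (width == 0 || height == 0 || bitmap_pad == 0 || bitmap_pad > 64 ||
        bits_per_pixel == 0 || bits_per_pixel > 32)
        return false;

    uint64_t bits = (uint64_t)width * bits_per_pixel;         /* < 2^37, no wrap */
    uint64_t padded = ((bits + bitmap_pad - 1) / bitmap_pad) * bitmap_pad;
    uint64_t bpl = padded / 8;
    if (bpl > UINT32_MAX)          /* would not fit the CARD32 header field */
        return false;
    if (bpl > UINT64_MAX / height) /* bpl * height would overflow */
        return false;
    uint64_t total = bpl * height;
    if (total > max_bytes)         /* policy limit on total image size */
        return false;

    *out_size = total;
    return true;
}

int main(void)
{
    /* Constructed inputs: one ordinary image, one whose width makes the
       32-bit product wrap to zero, one whose wrapped value is small but
       non-zero. 256 MiB is the assumed allocation cap. */
    struct { uint32_t w, h, bpp; } cases[] = {
        { 640, 480, 24 },
        { 0x40000000u, 1, 32 },
        { 0x20000001u, 1, 8 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint64_t n = 0;
        CARD32 wrapped = bytes_per_line_card32(cases[i].w, cases[i].bpp, 32);
        bool ok = xwd_buffer_size_checked(cases[i].w, cases[i].h, cases[i].bpp,
                                          32, 256u << 20, &n);
        printf("width=%u: CARD32 bytes_per_line=%u, checked=%s (%llu bytes)\n",
               (unsigned)cases[i].w, (unsigned)wrapped, ok ? "accept" : "reject",
               (unsigned long long)n);
    }
    return 0;
}
```

The CARD32 function returns 0 bytes per row for a width of 0x40000000 at 32 bits per pixel, which is exactly the undersized-allocation condition the advisory describes; the checked function rejects the same input because the true row size (2^32 bytes) cannot be represented in the header field at all. The cap is the part a deployment controls: any image whose buffer would exceed it is refused before the encoder runs.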

Affected packages

Platform                     Package      State                  Recommendation  Release
Red Hat Enterprise Linux 6   ImageMagick  Out of support scope   -               -
Red Hat Enterprise Linux 7   ImageMagick  Out of support scope   -               -


Additional information

Status:

Moderate
Defect:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2445882
ImageMagick: ImageMagick: Denial of Service via integer overflow in XWD encoder

CVSS3: 6.8 (Medium)

Related vulnerabilities

CVSS3: 6.8
ubuntu
17 days ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing an extremely large image, an out-of-bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CVSS3: 6.8
nvd
17 days ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing an extremely large image, an out-of-bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CVSS3: 6.8
debian
17 days ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 6.8
github
15 days ago

ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation
