Описание
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.3.26-17 |
| cosmic | not-affected | 1.3.26-17 |
| devel | not-affected | 1.3.26-17 |
| disco | not-affected | 1.3.26-17 |
| eoan | not-affected | 1.3.26-17 |
| esm-apps/bionic | not-affected | 1.3.26-17 |
| esm-apps/focal | not-affected | 1.3.26-17 |
| esm-apps/jammy | not-affected | 1.3.26-17 |
| esm-apps/xenial | released | 1.3.23-1ubuntu0.4 |
Показывать по
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure ...
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
Уязвимость функции DescribeImage (magick/describe.c) кроссплатформенной библиотеки для работы с графикой GraphicsMagick, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3