Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 8:7.1.2.3+dfsg1-1 |
| esm-apps/focal | released | 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3 |
| esm-apps/jammy | released | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3 |
| esm-apps/noble | released | 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2 |
| esm-infra-legacy/trusty | released | 8:6.7.7.10-6ubuntu3.13+esm14 |
| esm-infra/bionic | released | 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 |
| esm-infra/xenial | released | 8:6.8.9.9-7ubuntu5.16+esm13 |
| jammy | needed | |
| noble | needed | |
| plucky | needed |
Показывать по
Ссылки на источники
EPSS
3.8 Low
CVSS3
Связанные уязвимости
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
ImageMagick is free and open-source software used for editing and mani ...
EPSS
3.8 Low
CVSS3