Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoders do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
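The bug class described above, as an added C illustration that is not ImageMagick source and does not reproduce the upstream patch: a floating-point index used as a subscript into a global table, beside a bounds-checked version. The names `quantum_t`, `palette_symbols`, `symbol_unchecked` and `encode_row` are hypothetical, and the table contents are constructed.

```c
#include <stddef.h>

/* Hypothetical stand-in for a floating-point Quantum in an HDRI build. */
typedef float quantum_t;

#define PALETTE_SIZE 4

/* Constructed global lookup table, standing in for an encoder's symbol table. */
static const char palette_symbols[PALETTE_SIZE] = { 'a', 'b', 'c', 'd' };

/* Unsafe pattern: the float is cast and used directly as a subscript.
   A negative or oversized value reads outside the global table. */
char symbol_unchecked(quantum_t index)
{
    return palette_symbols[(ptrdiff_t) index];
}

/* Checked pattern: validate the range before the cast. The condition is
   written so that NaN (for which every comparison is false) is rejected. */
static int index_is_valid(quantum_t index)
{
    return index >= 0.0f && index < (quantum_t) PALETTE_SIZE;
}

/* Encode n pixel indexes into out as a NUL-terminated symbol string.
   Returns 0 on success, -1 if out is too small or any index is invalid;
   on failure out holds an empty string, never partial table reads. */
int encode_row(const quantum_t *row, size_t n, char *out, size_t out_len)
{
    size_t i;

    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (row == NULL || out_len < n + 1)
        return -1;
    for (i = 0; i < n; i++) {
        if (!index_is_valid(row[i])) {
            out[0] = '\0';
            return -1;
        }
        out[i] = palette_symbols[(size_t) row[i]];
    }
    out[n] = '\0';
    return 0;
}
```
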
| Release | Status | Note |
|---|---|---|
| devel | released | 8:7.1.2.13+dfsg1-1ubuntu1 |
| esm-apps/focal | released | 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm8 |
| esm-apps/jammy | released | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8 |
| esm-apps/noble | released | 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7 |
| esm-infra-legacy/trusty | released | 8:6.7.7.10-6ubuntu3.13+esm19 |
| esm-infra/bionic | released | 8:6.9.7.4+dfsg-16ubuntu6.15+esm10 |
| esm-infra/xenial | released | 8:6.8.9.9-7ubuntu5.16+esm18 |
| jammy | needed | |
| noble | needed | |
| questing | needed | |
6.5 Medium
CVSS3
Related vulnerabilities
ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer
6.5 Medium
CVSS3