exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

bind:"BDU:2021-03414" OR bind:"CVE-2020-25674"

exploitDog

bind:"BDU:2021-03414" OR bind:"CVE-2020-25674"

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 11

Количество 11

BDU:2021-03414

почти 6 лет назад

Уязвимость функции WriteOnePNGImage() компонента coders/png.c консольного графического редактора ImageMagick, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 5.3

EPSS: Низкий

CVE-2020-25674

больше 4 лет назад

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.

CVSS3: 5.5

EPSS: Низкий

CVE-2020-25674

почти 6 лет назад

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.

CVSS3: 5.5

EPSS: Низкий

CVE-2020-25674

больше 4 лет назад

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.

CVSS3: 5.5

EPSS: Низкий

CVE-2020-25674

больше 4 лет назад

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop wi ...

CVSS3: 5.5

EPSS: Низкий

GHSA-28m3-jxqr-cj5w

около 3 лет назад

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.

CVSS3: 5.5

EPSS: Низкий

SUSE-SU-2021:0199-1

больше 4 лет назад

Security update for ImageMagick

EPSS: Низкий

SUSE-SU-2021:0153-1

больше 4 лет назад

Security update for ImageMagick

EPSS: Низкий

openSUSE-SU-2021:0148-1

больше 4 лет назад

Security update for ImageMagick

EPSS: Низкий

openSUSE-SU-2021:0136-1

больше 4 лет назад

Security update for ImageMagick

EPSS: Низкий

SUSE-SU-2021:0156-1

больше 4 лет назад

Security update for ImageMagick

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	BDU:2021-03414 Уязвимость функции WriteOnePNGImage() компонента coders/png.c консольного графического редактора ImageMagick, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 5.3	0% Низкий	почти 6 лет назад
	CVE-2020-25674 WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.	CVSS3: 5.5	0% Низкий	больше 4 лет назад
	CVE-2020-25674 WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.	CVSS3: 5.5	0% Низкий	почти 6 лет назад
	CVE-2020-25674 WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.	CVSS3: 5.5	0% Низкий	больше 4 лет назад
	CVE-2020-25674 WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop wi ...	CVSS3: 5.5	0% Низкий	больше 4 лет назад
	GHSA-28m3-jxqr-cj5w WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.	CVSS3: 5.5	0% Низкий	около 3 лет назад
	SUSE-SU-2021:0199-1 Security update for ImageMagick			больше 4 лет назад
	SUSE-SU-2021:0153-1 Security update for ImageMagick			больше 4 лет назад
	openSUSE-SU-2021:0148-1 Security update for ImageMagick			больше 4 лет назад
	openSUSE-SU-2021:0136-1 Security update for ImageMagick			больше 4 лет назад
	SUSE-SU-2021:0156-1 Security update for ImageMagick			больше 4 лет назад

Уязвимостей на страницу