Out-of-bounds Read Affecting imagemagick package, versions <8:6.9.7.4+dfsg-11+deb9u11


0.0
medium

Snyk CVSS

    Attack Complexity Low
    User Interaction Required
    Availability High

    Threat Intelligence

    EPSS 0.08% (34th percentile)
Expand this section
NVD
5.5 medium
Expand this section
SUSE
7.5 high
Expand this section
Red Hat
5.5 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN9-IMAGEMAGICK-1045663
  • published 26 Nov 2020
  • disclosed 8 Dec 2020

How to fix?

Upgrade Debian:9 imagemagick to version 8:6.9.7.4+dfsg-11+deb9u11 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Debian. See How to fix? for Debian:9 relevant fixed versions and status.

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.