vulnerability

Ubuntu: (Multiple Advisories) (CVE-2020-25664): ImageMagick vulnerabilities

Severity
6
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:P)
Published
2020-12-08
Added
2022-03-22
Modified
2024-11-15

Description

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.

Solution(s)

ubuntu-pro-upgrade-imagemagickubuntu-pro-upgrade-imagemagick-6-q16ubuntu-pro-upgrade-imagemagick-commonubuntu-pro-upgrade-libimage-magick-perlubuntu-pro-upgrade-libimage-magick-q16-perlubuntu-pro-upgrade-libmagick-5ubuntu-pro-upgrade-libmagick-6-q16-5v5ubuntu-pro-upgrade-libmagick-6-q16-devubuntu-pro-upgrade-libmagick-devubuntu-pro-upgrade-libmagickcore-6-arch-configubuntu-pro-upgrade-libmagickcore-6-headersubuntu-pro-upgrade-libmagickcore-6-q16-2ubuntu-pro-upgrade-libmagickcore-6-q16-2-extraubuntu-pro-upgrade-libmagickcore-6-q16-devubuntu-pro-upgrade-libmagickcore-devubuntu-pro-upgrade-libmagickcore5ubuntu-pro-upgrade-libmagickcore5-extraubuntu-pro-upgrade-libmagickwand-6-q16-2ubuntu-pro-upgrade-libmagickwand-6-q16-devubuntu-pro-upgrade-libmagickwand-devubuntu-pro-upgrade-libmagickwand5ubuntu-pro-upgrade-perlmagick
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.