Security Advisories

CVE-2020-25663

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-25663

CGA ID

CGA-qm32-xmp4-mwv3

Severity

5.5

Medium

CVSS V3

Description

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.

References

  • https://images.chainguard.dev/security/CGA-qm32-xmp4-mwv3

Affected packages


© 2024 Chainguard. All Rights Reserved.