CVE-2020-25664

Published: Dec 8, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Exploitability: 1.8 / Impact: 4.2

Source: NVD

Description

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.

Affected (3)

Products: Imagemagick: Imagemagick · Fedoraproject: Fedora

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Before 6.9.10-68
Imagemagick Imagemagick	From 7.0.8 to 7.0.8-68

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34

Related CWEs

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1891605

Source: secalert@redhat.com

ExploitIssue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z3J6D7POCQYQKNVRDYLTTPM5SQC3WVTR/

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1891605

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z3J6D7POCQYQKNVRDYLTTPM5SQC3WVTR/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.