Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1275 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Imagemagick

8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

16.5%

top 5.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Imagemagick Debian Imagemagick Graphicsmagick

Timeline

PublishedApr 25

Latest updateMay 1

Description

Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/imagemagick< imagemagick 6:6.0.6.2-2.3 (bookworm)

▶Debianimagemagick/imagemagick< 6:6.0.6.2-2.3+3

▶NVDimagemagick/imagemagick23 versions+22

▶NVDgraphicsmagick/graphicsmagick6 versions+5

Patches

Patch: www.imagemagick.org ↗Patch: www.imagemagick.org ↗

🔴Vulnerability Details

GHSA

GHSA-rq7w-w76q-f932: Heap-based buffer overflow in the ReadPNMImage function in pnm↗2022-05-01

▶

OSV

CVE-2005-1275: Heap-based buffer overflow in the ReadPNMImage function in pnm↗2005-04-25

▶

💥Exploits & PoCs

Exploit-DB

ImageMagick 6.x - '.PNM' Image Decoding Remote Buffer Overflow↗2005-04-25

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2005-05-23

▶

Red Hat

security flaw↗2005-04-24

▶

Debian

CVE-2005-1275: imagemagick - Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick...↗2005

▶

💬Community

Bugzilla

CVE-2005-1275 security flaw↗2018-08-16

▶