CVE-2020-25663 — Use After Free in Imagemagick

CWE-416 — Use After Free5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 44.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedDec 8

Latest updateMay 24

Description

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDimagemagick/imagemagick< 7.0.8-56

▶debiandebian/imagemagick

▶CVEListV5imagemagick/imagemagickprior to 7.0.9-0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-h549-4pw3-34x9: A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel↗2022-05-24

▶

📋Vendor Advisories

Debian

CVE-2020-25663: imagemagick - A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCor...↗2020

▶

Red Hat

ImageMagick: use-after-free, heap-buffer-overflow triggered by GetPixelRed, GetPixelBlue in MagickCore/pixel-accessor.h↗2019-10-06

▶

💬Community

Bugzilla

CVE-2020-25663 ImageMagick: use-after-free, heap-buffer-overflow triggered by GetPixelRed, GetPixelBlue in MagickCore/pixel-accessor.h↗2020-10-26

▶