CVE-2020-25674: Heap-based Buffer Overflow in ImageMagick

Severity
NVD: 5.5 MEDIUM
OSV: 6.5
EPSS
0.2% (top 52.92%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 8
Latest update: Oct 15

Description

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availabi
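
The loop-bound flaw in the description, as a simplified C model added here for illustration; it is not ImageMagick's source or the actual patch. `Palette`, `loop_bound`, `oob_reads`, `log_palette` and the `MIN` macro (standing in for MagickMin()) are assumed names, and the 16-entry palette is constructed sample data.

```c
/* Simplified model of the loop bound, NOT ImageMagick source. Palette,
   loop_bound, oob_reads and log_palette are hypothetical names. */
#include <stdio.h>
#include <stdlib.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b)) /* stand-in for MagickMin() */
typedef struct { unsigned char r, g, b; } Entry;
typedef struct { Entry *colormap; size_t colors; } Palette; /* colors = valid entries */

/* Bound of the logging loop: hardcoded 256 before the patch, clamped to the
   number of valid colormap entries after it. */
static size_t loop_bound(const Palette *p, int patched) {
    return patched ? MIN(p->colors, (size_t)256) : (size_t)256;
}

/* Number of reads the loop would make past the end of the heap buffer. */
static size_t oob_reads(const Palette *p, int patched) {
    size_t bound = loop_bound(p, patched);
    return bound > p->colors ? bound - p->colors : 0;
}

/* Logs each entry and returns how many were read. It declines to run a loop
   that would leave the buffer, so this demo never triggers the bug itself. */
static size_t log_palette(const Palette *p, int patched, FILE *out) {
    size_t i, bound = loop_bound(p, patched);
    if (oob_reads(p, patched) != 0)
        return 0;
    for (i = 0; i < bound; i++)
        fprintf(out, "colormap[%zu].red = %u\n", i, (unsigned)p->colormap[i].r);
    return i;
}

/* Constructed sample input: a gray ramp with n valid entries. */
static Palette make_palette(size_t n) {
    Palette p = { calloc(n ? n : 1, sizeof(Entry)), n };
    for (size_t i = 0; p.colormap != NULL && i < n; i++)
        p.colormap[i].r = p.colormap[i].g = p.colormap[i].b = (unsigned char)i;
    return p;
}

int main(void) {
    Palette p = make_palette(16);
    if (p.colormap == NULL) return 1;
    printf("unpatched bound reads %zu entries out of bounds\n", oob_reads(&p, 0));
    printf("patched bound logged %zu entries\n", log_palette(&p, 1, stdout));
    free(p.colormap);
    return 0;
}
```

With 16 valid entries the hardcoded bound overshoots by 240 reads, while the clamped bound stops at the last valid entry; a colormap of 256 or more entries behaves the same under both bounds.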

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

debian: debian/imagemagick, < imagemagick 8:6.9.11.24+dfsg-1 (bookworm)
NVD: imagemagick/imagemagick, 7.0.0-0 – 7.0.8-68 (+1)
Debian: imagemagick/imagemagick, < 8:6.9.11.24+dfsg-1 (+3)
Ubuntu: imagemagick/imagemagick, < 8:6.8.9.9-7ubuntu5.16+esm2
CVEListV5: imagemagick/imagemagick, prior to 7.0.8-68

Also affects: Debian Linux 9.0

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-28m3-jxqr-cj5w: WriteOnePNGImage() from coders/png (2022-05-24)
OSV: imagemagick vulnerabilities (2022-03-18)
OSV: CVE-2020-25674: WriteOnePNGImage() from coders/png (2020-12-08)

📋 Vendor Advisories (5)

Ubuntu: ImageMagick vulnerabilities (2024-10-15)
Ubuntu: ImageMagick vulnerabilities (2022-03-18)
Ubuntu: ImageMagick vulnerabilities (2021-06-15)
Debian: CVE-2020-25674: imagemagick - WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an impr... (2020)
Red Hat: ImageMagick: heap-based buffer overflow in WriteOnePNGImage in coders/png.c (2019-10-04)

💬 Community (1)

Bugzilla: CVE-2020-25674 ImageMagick: heap-based buffer overflow in WriteOnePNGImage in coders/png.c (2020-10-27)