Vulnerability Database
296,137
Total vulnerabilities in the database
ImageMagick has a heap-buffer-overflow
Summary
While Processing a crafted TIFF file, imagemagick crashes.
Details
Following is the imagemagick version:
imagemagick_git/build_26jun23/bin/magick --version
Version: ImageMagick 7.1.1-13 (Beta) Q16-HDRI x86_64 56f478940:20230625 https://imagemagick.org
Copyright: (C) 1999 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php
Features: Cipher DPC HDRI
Delegates (built-in): fontconfig freetype jbig jng jpeg lcms lzma pangocairo png tiff webp x xml zlib
Compiler: gcc (4.2)
PoC
issue can be replicated with following command with provided POC file(sent over email):
magick poc.tiff /dev/null
Impact
This can lead to application crash.
Credits
Please give credits to Hardik shah of Vehere (Dawn Treaders team)
| Software | From | Fixed in |
|---|---|---|
magick.net-q16-anycpu
|
- | 13.2.0 |
|
magick.net-q16-hdri-anycpu
|
- | 13.2.0 |
|
Magick.NET-Q16-HDRI-OpenMP-arm64
|
- | 13.2.0 |
|
Magick.NET-Q16-HDRI-OpenMP-x64
|
- | 13.2.0 |
|
Magick.NET-Q16-HDRI-arm64
|
- | 13.2.0 |
|
Magick.NET-Q16-HDRI-x64
|
- | 13.2.0 |
|
Magick.NET-Q16-HDRI-x86
|
- | 13.2.0 |
|
Magick.NET-Q16-OpenMP-arm64
|
- | 13.2.0 |
|
Magick.NET-Q16-OpenMP-x64
|
- | 13.2.0 |
|
Magick.NET-Q16-arm64
|
- | 13.2.0 |
|
magick.net-q16-x64
|
- | 13.2.0 |
|
Magick.NET-Q16-x86
|
- | 13.2.0 |
|
magick.net-q8-anycpu
|
- | 13.2.0 |
|
Magick.NET-Q8-OpenMP-arm64
|
- | 13.2.0 |
|
magick.net-q8-openmp-x64
|
- | 13.2.0 |
|
Magick.NET-Q8-arm64
|
- | 13.2.0 |
|
magick.net-q8-x64
|
- | 13.2.0 |
|
Magick.NET-Q8-x86
|
- | 13.2.0 |