CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-27753
https://notcve.org/view.php?id=CVE-2020-27753
There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0. Se presentan varias pérdidas de memoria en el codificador MIFF en el archivo /coders/miff.c debido a valores de profundidad de imagen inapropiados, que pueden activarse mediante un archivo de entrada especialmente diseñado. • https://bugzilla.redhat.com/show_bug.cgi?id=1894229 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-27752
https://notcve.org/view.php?id=CVE-2020-27752
A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/quantum-private.h. • https://bugzilla.redhat.com/show_bug.cgi?id=1894226 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25667
https://notcve.org/view.php?id=CVE-2020-25667
TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0. La función TIFFGetProfiles() en el archivo /coders/tiff.c llama a la función strstr() lo que causa una gran lectura fuera de límites cuando busca `"dc:format=\"image/dng\"` dentro de "profile" debido al manejo inapropiado de una cadena, cuando un archivo de entrada diseñado es proporcionado a ImageMagick. • https://bugzilla.redhat.com/show_bug.cgi?id=1891613 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25664
https://notcve.org/view.php?id=CVE-2020-25664
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68. En la función WriteOnePNGImage() del codificador PNG en el archivo coders/png.c, una llamada inapropiada a las funciones AcquireVirtualMemory() y memset() permite una escritura fuera de límites más tarde cuando se llama a la función PopShortPixel() del archivo MagickCore/quantum-private.h . • https://bugzilla.redhat.com/show_bug.cgi?id=1891605 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z3J6D7POCQYQKNVRDYLTTPM5SQC3WVTR • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25663
https://notcve.org/view.php?id=CVE-2020-25663
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0. Una llamada a la función ConformPixelInfo() en la rutina SetImageAlphaChannel() del archivo /MagickCore/channel.c, causó una LECTURA de uso de la memoria previamente liberada de la pila o desbordamiento del búfer de la pila, cuando se llamó a las funciones GetPixelRed() o GetPixelBlue(). • https://bugzilla.redhat.com/show_bug.cgi?id=1891601 https://github.com/ImageMagick/ImageMagick/issues/1723 https://github.com/ImageMagick/ImageMagick/issues/1723#issuecomment-718275153 • CWE-416: Use After Free •