ImageMagick up to 6.9.10-67/7.0.8-67 PNG Coder coders/png.c WriteOnePNGImage out-of-bounds write

Summaryinfo

A vulnerability classified as critical has been found in ImageMagick up to 6.9.10-67/7.0.8-67. This vulnerability affects the function WriteOnePNGImage of the file coders/png.c of the component PNG Coder. The manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2020-25664. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, has been found in ImageMagick up to 6.9.10-67/7.0.8-67 (Image Processing Software). This issue affects the function WriteOnePNGImage of the file coders/png.c of the component PNG Coder. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. Using CWE to declare the problem leads to CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality, integrity, and availability.

The weakness was presented 12/09/2020 as 1891605. The advisory is shared at bugzilla.redhat.com. The identification of this vulnerability is CVE-2020-25664. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available.

Upgrading to version 6.9.10-68 or 7.0.8-68 eliminates this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Image Processing Software

Name

• ImageMagick

Version

• 6.9.10-67
• 7.0.8-67

License

• open-source

Website

• Product: https://www.imagemagick.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion