Inappropriate coding practices in imagemagick
Description
ImageMagick has heap use-after-free in the MSL encoder

A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed.
SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| debian 12 | 8:6.9.11.60+dfsg-1.6+deb12u8 | | |
| debian 13 | 8:7.1.1.43+dfsg1-1+deb13u7 | | |
| debian 14 | 8:7.1.2.16+dfsg1-1 | | |
| debian 11 | 8:6.9.11.60+dfsg-1.3+deb11u11 | | |
| nuget | 14.10.4 | | |
| nuget | 14.10.4 | | |
| nuget | 14.10.4 | | |
| nuget | 14.10.4 | | |
| nuget | 14.10.4 | | |
| nuget | 14.10.4 | | |