Out-of-bounds read In imagemagick
Description
ImageMagick has heap buffer overflow in YUV 4:2:2 decoder A heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer.
================================================================= ==204642==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5170000002e0 at pc 0x562d21a7e8de bp 0x7fffa9ae1270 sp 0x7fffa9ae1260 WRITE of size 8 at 0x5170000002e0 thread T0
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 debian 11 | 8:6.9.11.60+dfsg-1.3+deb11u10 | ||
debian 12 | 8:6.9.11.60+dfsg-1.6+deb12u7 | ||
debian 14 | 8:7.1.2.15+dfsg1-1 | ||
debian 13 | 8:7.1.1.43+dfsg1-1+deb13u6 | ||
 nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 |
1-10 of 25
10
Aliases
1. 2. 3. 4. 5. 6. 7.
References
1. 2.