Out-of-bounds read In imagemagick
Description
ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows.
AddressSanitizer:DEADLYSIGNAL ================================================================= ==143838==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 #0 0x7f379d5adb53 (/lib/x86_64-linux-gnu/libc.so.6+0xc4b53)
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 debian 11 | 8:6.9.11.60+dfsg-1.3+deb11u10 | ||
debian 12 | 8:6.9.11.60+dfsg-1.6+deb12u7 | ||
debian 14 | 8:7.1.2.15+dfsg1-1 | ||
debian 13 | 8:7.1.1.43+dfsg1-1+deb13u6 | ||
 nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 |
1-10 of 25
10
Aliases
1. 2. 3. 4. 5. 6. 7.
References
1. 2.