Fluid Attacks Database

Description

ImageMagick has has an off-by-one origin validation in allows out-of-bounds read in morphology processing An incorrect morphology would allow an out of bounds read of a single pixel.

==1200284==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5100000002d0 at pc 0x59e28e60c27a bp 0x7fff047fd8e0 sp 0x7fff047fd8d0
READ of size 4 at 0x5100000002d0 thread T0

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	magick.net-q16-arm64	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-hdri-arm64	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-anycpu	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-hdri-anycpu	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-hdri-openmp-arm64	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-hdri-x64	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-hdri-x86	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-openmp-arm64	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-openmp-x64	>=0 <14.12.0	14.12.0
nuget	magick.net-q16-x64	>=0 <14.12.0	14.12.0

1-10 of 18

Aliases

1. GHSA-q8h3-jv9v-57qx2. GCVE-GHSA-q8h3-jv9v-57qx

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx