logo

Database

Inappropriate coding practices In magick.net-q16-openmp-x64

Description

mageMagick has a possible use-after-free write in its PDB decoder A use-after-free vulnerability exists in the PDB decoder that will use a stale pointer when a memory allocation fails and that could result in a crash or a single zero byte write.

==4033155==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x5589c1971b24 bp 0x7ffdcc7ae2d0 sp 0x7ffdcc7adb20 T0)

==4034812==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f099e9f7800 at pc 0x5605d909ab20 bp 0x7ffe52045b50 sp 0x7ffe52045b40
WRITE of size 1 at 0x7f099e9f7800 thread T0

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 19

10

Aliases

1. GHSA-3j4x-rwrx-xxj92. GCVE-GHSA-3j4x-rwrx-xxj9

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3j4x-rwrx-xxj92. https://github.com/ImageMagick/ImageMagick/commit/168ffe18def968f886c023146a478897866fd6213. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.