Out-of-bounds read In magick.net-q16-openmp-x64
Description
ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer
The UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex() before using it as an array subscript. In HDRI builds, Quantum is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash.
READ of size 1 at 0x55a8823a776e thread T0 #0 0x55a880d01e85 in WriteUILImage coders/uil.c:355
READ of size 1 at 0x55fa1c04c66e thread T0 #0 0x55fa1a9ee415 in WriteXPMImage coders/xpm.c:1135
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
 debian 11 | 8:6.9.11.60+dfsg-1.3+deb11u10 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 | ||
nuget | 14.10.3 |
1-10 of 23
10
Aliases
1. 2. 3. 4. 5. 6. 7.
References
1. 2. 3.