CVE-2020-25674

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-25674

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25674.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-25674

Related

Published

2020-12-08T22:15:17Z

Modified

2024-09-11T04:37:11.240139Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.

References

Affected packages

Debian:11 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.11.24+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.11.24+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.11.24+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/imagemagick/imagemagick

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cdfd76effab52bb2489feb6518178b66324dec11

Type: GIT
Repo: https://github.com/imagemagick/imagemagick6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bcb26c8197b73657830415bf977fb1b066e88174

Affected versions

6.*

6.9.10-0

6.9.10-1

6.9.10-10

6.9.10-11

6.9.10-12

6.9.10-13

6.9.10-14

6.9.10-15

6.9.10-16

6.9.10-17

6.9.10-18

6.9.10-19

6.9.10-2

6.9.10-20

6.9.10-21

6.9.10-22

6.9.10-23

6.9.10-24

6.9.10-25

6.9.10-26

6.9.10-27

6.9.10-28

6.9.10-29

6.9.10-3

6.9.10-30

6.9.10-31

6.9.10-32

6.9.10-33

6.9.10-34

6.9.10-35

6.9.10-36

6.9.10-37

6.9.10-38

6.9.10-39

6.9.10-4

6.9.10-40

6.9.10-41

6.9.10-42

6.9.10-43

6.9.10-44

6.9.10-45

6.9.10-46

6.9.10-47

6.9.10-48

6.9.10-49

6.9.10-5

6.9.10-50

6.9.10-51

6.9.10-52

6.9.10-53

6.9.10-54

6.9.10-55

6.9.10-56

6.9.10-57

6.9.10-58

6.9.10-59

6.9.10-6

6.9.10-60

6.9.10-61

6.9.10-62

6.9.10-63

6.9.10-64

6.9.10-65

6.9.10-66

6.9.10-67

6.9.10-7

6.9.10-8

6.9.10-9

6.9.4-0

6.9.4-1

6.9.4-10

6.9.4-2

6.9.4-3

6.9.4-4

6.9.4-5

6.9.4-6

6.9.4-7

6.9.4-8

6.9.4-9

6.9.5-0

6.9.5-1

6.9.5-10

6.9.5-2

6.9.5-3

6.9.5-4

6.9.5-5

6.9.5-6

6.9.5-7

6.9.5-8

6.9.5-9

6.9.6-0

6.9.6-1

6.9.6-2

6.9.6-3

6.9.6-4

6.9.6-5

6.9.6-6

6.9.6-7

6.9.6-8

6.9.7-0

6.9.7-1

6.9.7-10

6.9.7-2

6.9.7-3

6.9.7-4

6.9.7-5

6.9.7-6

6.9.7-7

6.9.7-8

6.9.7-9

6.9.8-0

6.9.8-1

6.9.8-10

6.9.8-2

6.9.8-3

6.9.8-4

6.9.8-5

6.9.8-6

6.9.8-7

6.9.8-8

6.9.8-9

6.9.9-0

6.9.9-1

6.9.9-10

6.9.9-11

6.9.9-12

6.9.9-13

6.9.9-14

6.9.9-15

6.9.9-17

6.9.9-18

6.9.9-19

6.9.9-2

6.9.9-20

6.9.9-21

6.9.9-22

6.9.9-23

6.9.9-24

6.9.9-25

6.9.9-26

6.9.9-27

6.9.9-28

6.9.9-29

6.9.9-3

6.9.9-30

6.9.9-31

6.9.9-32

6.9.9-33

6.9.9-34

6.9.9-35

6.9.9-36

6.9.9-37

6.9.9-38

6.9.9-39

6.9.9-4

6.9.9-40

6.9.9-41

6.9.9-42

6.9.9-43

6.9.9-44

6.9.9-45

6.9.9-46

6.9.9-47

6.9.9-48

6.9.9-49

6.9.9-5

6.9.9-50

6.9.9-51

6.9.9-6

6.9.9-7

6.9.9-8

6.9.9-9

7.*

7.0.1-0

7.0.1-1

7.0.1-10

7.0.1-2

7.0.1-3

7.0.1-4

7.0.1-5

7.0.1-6

7.0.1-7

7.0.1-8

7.0.1-9

7.0.2-0

7.0.2-1

7.0.2-10

7.0.2-2

7.0.2-3

7.0.2-4

7.0.2-5

7.0.2-6

7.0.2-7

7.0.2-8

7.0.2-9

7.0.3-0

7.0.3-1

7.0.3-10

7.0.3-2

7.0.3-3

7.0.3-4

7.0.3-5

7.0.3-6

7.0.3-7

7.0.3-8

7.0.3-9

7.0.4-0

7.0.4-1

7.0.4-10

7.0.4-2

7.0.4-3

7.0.4-4

7.0.4-5

7.0.4-6

7.0.4-7

7.0.4-8

7.0.4-9

7.0.5-0

7.0.5-1

7.0.5-10

7.0.5-2

7.0.5-3

7.0.5-4

7.0.5-5

7.0.5-6

7.0.5-7

7.0.5-8

7.0.5-9

7.0.6-0

7.0.6-1

7.0.6-2

7.0.6-3

7.0.6-4

7.0.6-5

7.0.6-6

7.0.6-7

7.0.6-8

7.0.6-9

7.0.7-0

7.0.7-1

7.0.7-10

7.0.7-11

7.0.7-12

7.0.7-13

7.0.7-14

7.0.7-15

7.0.7-16

7.0.7-17

7.0.7-18

7.0.7-19

7.0.7-2

7.0.7-20

7.0.7-21

7.0.7-22

7.0.7-23

7.0.7-24

7.0.7-25

7.0.7-26

7.0.7-27

7.0.7-28

7.0.7-29

7.0.7-3

7.0.7-30

7.0.7-31

7.0.7-32

7.0.7-33

7.0.7-34

7.0.7-35

7.0.7-36

7.0.7-37

7.0.7-38

7.0.7-39

7.0.7-4

7.0.7-5

7.0.7-6

7.0.7-8

7.0.7-9

7.0.7.7

7.0.8-0

7.0.8-1

7.0.8-10

7.0.8-11

7.0.8-12

7.0.8-13

7.0.8-14

7.0.8-15

7.0.8-16

7.0.8-17

7.0.8-18

7.0.8-19

7.0.8-2

7.0.8-20

7.0.8-21

7.0.8-22

7.0.8-23

7.0.8-24

7.0.8-25

7.0.8-26

7.0.8-27

7.0.8-28

7.0.8-29

7.0.8-3

7.0.8-30

7.0.8-31

7.0.8-32

7.0.8-33

7.0.8-34

7.0.8-35

7.0.8-36

7.0.8-37

7.0.8-38

7.0.8-39

7.0.8-4

7.0.8-40

7.0.8-41

7.0.8-42

7.0.8-43

7.0.8-44

7.0.8-45

7.0.8-46

7.0.8-47

7.0.8-48

7.0.8-49

7.0.8-5

7.0.8-50

7.0.8-51

7.0.8-52

7.0.8-53

7.0.8-54

7.0.8-55

7.0.8-56

7.0.8-57

7.0.8-58

7.0.8-59

7.0.8-6

7.0.8-60

7.0.8-61

7.0.8-62

7.0.8-63

7.0.8-64

7.0.8-65

7.0.8-66

7.0.8-67

7.0.8-7

7.0.8-8

7.0.8-9