DEBIAN-CVE-2020-25665
- Source
- https://security-tracker.debian.org/tracker/CVE-2020-25665
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-25665.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-25665
- Upstream
- Published
- 2020-12-08T21:15:12Z
- Modified
- 2025-09-25T22:40:37Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytesperrow in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.
- References
Affected packages
Debian:11 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:12 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:13 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:14 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source