CVE-2020-25676

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.9-0

Description The issue is related to multiple unconstrained pixel offset calculations in functions CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo() in /MagickCore/pixel.c. These calculations produced undefined behavior, including out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. An attacker could trigger these instances of undefined behavior by supplying a crafted input file to be processed by ImageMagick, potentially impacting application availability or causing other problems.

Recommendations For versions prior to 7.0.9-0, update to version 7.0.9-0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable functions until a patch is available. Avoid using crafted input files that could trigger the undefined behavior.