PT-2019-5853 · Imagemagick+5

Guilherme De Almeida Suckevicz +1 · Published 2019-10-04 · Updated 2024-10-15 · CVE-2020-25674

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
ImageMagick versions prior to 7.0.8-68

Description
The issue is in the WriteOnePNGImage() function in coders/png.c (the PNG coder), which contains a for loop with an improper exit condition. When the colormap has fewer than 256 valid values, the loop attempts to pass invalid colormap data to the event logger, which results in an out-of-bounds read (heap-buffer-overflow). The flaw could impact application availability when a specially crafted input file is processed by ImageMagick.

Recommendations
For ImageMagick versions prior to 7.0.8-68, update to version 7.0.8-68 or later to resolve the issue. As a temporary workaround, consider restricting the use of the WriteOnePNGImage() function until a patch is available. Avoid processing specially crafted input files that could trigger the heap-buffer-overflow.
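
The loop-bound flaw described above, shown as an added example in a simplified model: this is not ImageMagick's code or its patch, and the types and function names (Palette, log_palette_flawed, log_palette_bounded, demo_logged_entries) are hypothetical. The flawed logger iterates to the format maximum of 256 regardless of how many entries were allocated; the bounded one stops at the allocated count.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an image colormap: `colors` is the number of
   valid entries actually allocated in `map`. */
typedef struct { unsigned char r, g, b; } Entry;
typedef struct { Entry *map; size_t colors; } Palette;

/* Flawed pattern: the exit condition is the format maximum (256), not the
   allocated count, so a 4-entry palette is read 252 entries past the end
   of its heap buffer. Kept for comparison only; it is never called here. */
size_t log_palette_flawed(const Palette *p, FILE *log)
{
    size_t i;
    for (i = 0; i < 256; i++)
        fprintf(log, "#%zu (%d,%d,%d)\n", i, p->map[i].r, p->map[i].g, p->map[i].b);
    return i;
}

/* Bounded pattern: stop at the smaller of the allocated count and the
   256-entry limit. Returns the number of entries logged. */
size_t log_palette_bounded(const Palette *p, FILE *log)
{
    size_t i, limit;
    if (p == NULL || p->map == NULL)
        return 0;
    limit = p->colors < 256 ? p->colors : 256;
    for (i = 0; i < limit; i++)
        fprintf(log, "#%zu (%d,%d,%d)\n", i, p->map[i].r, p->map[i].g, p->map[i].b);
    return i;
}

/* Constructed sample input: a zeroed palette with n entries. */
size_t demo_logged_entries(size_t n)
{
    Palette p = { calloc(n ? n : 1, sizeof(Entry)), n };
    size_t logged = log_palette_bounded(&p, stdout);
    free(p.map);
    return logged;
}

int main(void)
{
    printf("logged %zu of 4 entries\n", demo_logged_entries(4));
    return 0;
}
```

Building the flawed variant with AddressSanitizer (-fsanitize=address) and calling it on a short palette reports the read as a heap-buffer-overflow, the same class of finding named in the description.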

Exploit

Fix

Weakness Enumeration

Out-of-bounds Read
Heap-based Buffer Overflow

Related Identifiers

ALT-PU-2019-3182
ALT-PU-2020-1405
BDU:2021-03414
CVE-2020-25674
DLA-2523-1
DLA-3357-1
DLA-3357-2
OESA-2021-1110
OPENSUSE-SU-2021:0136-1
OPENSUSE-SU-2021:0148-1
OPENSUSE-SU-2021_0136-1
OPENSUSE-SU-2021_0148-1
SUSE-SU-2021:0153-1
SUSE-SU-2021:0156-1
SUSE-SU-2021:0199-1
USN-4988-1
USN-5335-1
USN-7068-1

Affected Products

Alt Linux
Astra Linux
Imagemagick
Linuxmint
Suse
Ubuntu