PT-2020-12007 · Imagemagick · Imagemagick

Girlelecta

Published: 2020-03-10 · Updated: 2020-03-10 · CVE-2020-10251

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
ImageMagick version 7.0.9

Description
An out-of-bounds read issue exists within the ReadHEICImageByID function in coders/heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.

Recommendations
For ImageMagick version 7.0.9, consider updating to a newer version that contains a fix for this issue. As a temporary workaround, restrict the use of the ReadHEICImageByID function in coders/heic.c to minimize the risk of exploitation. Avoid processing images with width or height values that exceed the actual size of the image until the issue is resolved.
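
One way to apply the temporary workaround is to deny the HEIC coder in ImageMagick's security policy, so the HEIC decoder is never invoked. This fragment is an added example, not text from the advisory or the ImageMagick project; it assumes the installation reads a policy.xml file, whose location varies by install.

```xml
<!-- Added example: fragment for ImageMagick's policy.xml (path varies by install). -->
<policymap>
  <!-- Deny all rights (read and write) for the HEIC coder, so HEIC input is
       refused by the policy check before coders/heic.c is asked to decode it. -->
  <policy domain="coder" rights="none" pattern="HEIC" />
</policymap>
```

Running `magick -list policy` afterwards shows the policies in effect; an attempt to read a HEIC file is then refused with a security policy error instead of being decoded.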

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2020-10251

Affected Products

Imagemagick