PT-2020-6211 · Graphicsmagick +4

Published: 2020-03-24 · Updated: 2022-08-30 · CVE-2020-10938

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GraphicsMagick versions prior to 1.3.35

Description

The issue is related to an integer overflow and resultant heap-based buffer overflow in the HuffmanDecodeImage function in magick/compress.c. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations

For versions prior to 1.3.35, update to version 1.3.35 or later to resolve the issue. As a temporary workaround, consider restricting access to the HuffmanDecodeImage function in magick/compress.c until a patch is available.

Fix

Integer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2894
ALT-PU-2021-1452
BDU:2021-03601
CVE-2020-10938
DLA-2173-1
DSA-4675-1
OPENSUSE-SU-2020:0416-1
OPENSUSE-SU-2020:0429-1
OPENSUSE-SU-2020_0416-1
USN-5190-1

Affected Products

Alt Linux
Graphicsmagick
Linuxmint
Suse
Ubuntu