ImageMagick mishandles the -authenticate option, whichĪllows setting a password for password-protected PDF files. Range of type `unsigned char` in MagickCore/quantum.h Undefined behavior in the form of a too large shift for Range of type `unsigned char` or division by zero Range of type `unsigned int` in coders/bmp.c Outside the range of representable for the `unsigned char` type Several areas where calls to GetPixelIndex() could result in values In RestoreMSCWarning() of /coders/pdf.c there are `replace_extent`, it is possible for offset `p` to overflow in `float` was found in MagickCore/quantize.c `unsigned int` was found in MagickCore/quantum-private.h Range of types `float` and `unsigned char` in MagickCore/quantum.hĪn outside the range of representable values of type Undefined behavior in the form of values outside the range of Zero in MagickCore/segment.c when a crafted file is processedĪ crafted file that is processed by ImageMagick could trigger Undefined behavior was found in the form of math division byĬircumstances when a crafted input file is processed in Range of type `unsigned char` in coders/hdr.c Range of representable type `unsigned long` undefined behavior when a In several areas of a calculation which could lead to values outside the WritePALMImage() in /coders/palm.c used size_t casts On the `gamma` value, it's possible to trigger aĭivide-by-zero condition when a crafted input file In `GammaImage()` of /MagickCore/enhance.c, depending In Intensit圜ompare() of /MagickCore/quantize.c, aĭouble value was being casted to int and returned, which in some casesĬaused a value outside the range of type `int` to be returned. Range of type `unsigned long long` in coders/txt.c Undefined behavior was found in the form of values outside the Undefined behavior in the form of a value outside the range of type ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to Image height and width calculations can lead toĭivide-by-zero conditions which also lead to undefined behavior.Ī undefined behavior was found in MagickCore/quantum-private.h That is too large for 64-bit type in MagickCore/quantum-export.cĪ integer overflow was found in Intensit圜ompare() ofĪ division by zero was found in ParseMetaGeometry() of Range of type `unsigned long long` as well as a shift exponent ![]() MagickCore/layer.c, which may cause a denial of service.Ī division by Zero was found in MagickCore/colorspace-private.hĪnd MagickCore/quantum.h, which may cause a denial of serviceĪ undefined behavior was found in the form of values outside the Which are all functions in /MagickCore/pixel.cĪ division by Zero was found in OptimizeLayerFrames in InterpolatePixelChannels(), and InterpolatePixelInfo(), MeshInterpolate(), InterpolatePixelChannel(), Performed on unconstrained pixel offsets in CatromWeights(), ![]() Performed on unconstrained pixel offsets in the CropImage()Īnd CropImageToTiles() routines of MagickCore/transform.c ![]() To a privilege escalation, denial of service or information leaks.Ī stack-based buffer overflow and unconditional jump was found inĪn out-of-bounds read in the PALM image coder was found inĪn integer overflow was possible during simple mathĬalculations in HistogramCompare() in MagickCore/histogram.cĪ for loop with an improper exit condition was found that canĪllow an out-of-bounds READ via heap-buffer-overflow inĪ undefined behavior was found in the form of integer overflowĪnd out-of-range values as a result of rounding calculations Several vulnerabilities have been discovered in imagemagick that may lead Debian Security Advisory DLA-3357-1 imagemagick - LTS security update Date Reported: Affected Packages: imagemagick Vulnerable: Yes Security database references: In the Debian bugtracking system: Bug 1027164, Bug 1030767.
0 Comments
Leave a Reply. |