ImageMagick gem
11/29/2023

This security flaw occurs as undefined behavior of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This security flaw causes a remote code execution vulnerability in OpenBlob with -enable-pipes configured.

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

A vulnerability was found in ImageMagick. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

A vulnerability was found in ImageMagick. An attacker could trick the user into opening a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. This vulnerable state may persist in the same process across many requests, until the process is shut down.

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP.

However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded.

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.