5.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): HIGH
ImageMagick has a heap buffer over-write on 32-bit systems in SFW decoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
References
Affected products
- ==>= 7.0.0, < 7.1.2-16
- ==< 6.9.13-41
Matching in nixpkgs
pkgs.imagemagick
Software suite to create, edit, compose, or convert bitmap images
pkgs.imagemagick6
Software suite to create, edit, compose, or convert bitmap images
pkgs.imagemagickBig
Software suite to create, edit, compose, or convert bitmap images
pkgs.imagemagick6Big
Software suite to create, edit, compose, or convert bitmap images
pkgs.imagemagick_light
Software suite to create, edit, compose, or convert bitmap images
pkgs.imagemagick6_light
Software suite to create, edit, compose, or convert bitmap images
pkgs.graphicsmagick-imagemagick-compat
Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces
pkgs.tests.pkg-config.defaultPkgConfigPackages.MagickWand
Test whether imagemagick-7.1.2-8 exposes pkg-config modules MagickWand
pkgs.tests.pkg-config.defaultPkgConfigPackages.ImageMagick
Test whether imagemagick-7.1.2-8 exposes pkg-config modules ImageMagick
Package maintainers
-
@faukah faukah
-
@rhendric Ryan Hendrickson
-
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>