Lucene search
RedhatCVELIST:CVE-2020-25667HistoryDec 08, 2020 - 8:57 p.m.
CVE-2020-25667
2020-12-0820:57:59
CWE-122
redhat
www.cve.org
2
imagemagick
tiffgetprofiles
out-of-bounds
string handling
availability
patch
stringinfo
cve-2020-25667
TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for "dc:format=\"image/dng\" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.
CNA Affected
[
{
"product": "ImageMagick",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 7.0.9-0"
}
]
}
]Related
osv
osv
CVE-2020-25667
2020-12-08 21:15:12
ubuntucve
ubuntucve
CVE-2020-25667
2020-12-08 00:00:00
nvd
nvd
CVE-2020-25667
2020-12-08 21:15:12
redhatcve
redhatcve
CVE-2020-25667
2020-11-24 19:24:13
debiancve
debiancve
CVE-2020-25667
2020-12-08 21:15:12
prion
prion
Design/Logic Flaw
2020-12-08 21:15:00
cve
cve
CVE-2020-25667
2020-12-08 21:15:12
nessus
nessus
EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2022-1536)
2022-04-25 00:00:00
EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2022-1731)
2022-05-26 00:00:00
EulerOS 2.0 SP8 : ImageMagick (EulerOS-SA-2022-1570)
2022-04-25 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2022-1536)
2022-04-25 00:00:00
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2022-1731)
2022-05-25 00:00:00
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2022-1570)
2022-04-25 00:00:00