CVE-2020-25667

2020-12-0821:15:12

Debian Security Bug Tracker

security-tracker.debian.org

cve-2020-25667

tiffgetprofiles

out-of-bounds read

improper string handling

imagemagick

availability impact

unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.5%

JSON

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for "dc:format=\"image/dng\" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.

OSVersionArchitecturePackageVersionFilename
Debian12allimagemagick< 8:6.9.11.60+dfsg-1.6+deb12u2imagemagick_8:6.9.11.60+dfsg-1.6+deb12u2_all.deb
Debian11allimagemagick< 8:6.9.11.60+dfsg-1.3+deb11u4imagemagick_8:6.9.11.60+dfsg-1.3+deb11u4_all.deb
Debian999allimagemagick< 8:6.9.13.12+dfsg1-1imagemagick_8:6.9.13.12+dfsg1-1_all.deb
Debian13allimagemagick< 8:6.9.13.12+dfsg1-1imagemagick_8:6.9.13.12+dfsg1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	imagemagick	< 8:6.9.11.60+dfsg-1.6+deb12u2	imagemagick_8:6.9.11.60+dfsg-1.6+deb12u2_all.deb
Debian	11	all	imagemagick	< 8:6.9.11.60+dfsg-1.3+deb11u4	imagemagick_8:6.9.11.60+dfsg-1.3+deb11u4_all.deb
Debian	999	all	imagemagick	< 8:6.9.13.12+dfsg1-1	imagemagick_8:6.9.13.12+dfsg1-1_all.deb
Debian	13	all	imagemagick	< 8:6.9.13.12+dfsg1-1	imagemagick_8:6.9.13.12+dfsg1-1_all.deb