Lucene search
GoogleOSV:CVE-2020-25667HistoryDec 08, 2020 - 9:15 p.m.
CVE-2020-25667
2020-12-0821:15:12
Google
osv.dev
5
cve-2020-25667
imagemagick
tiffgetprofiles
out-of-bounds read
stringinfo
availability
software
patch
TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for "dc:format=\"image/dng\" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.
Related
ubuntucve
ubuntucve
CVE-2020-25667
2020-12-08 00:00:00
nvd
nvd
CVE-2020-25667
2020-12-08 21:15:12
cvelist
cvelist
CVE-2020-25667
2020-12-08 20:57:59
redhatcve
redhatcve
CVE-2020-25667
2020-11-24 19:24:13
debiancve
debiancve
CVE-2020-25667
2020-12-08 21:15:12
prion
prion
Design/Logic Flaw
2020-12-08 21:15:00
cve
cve
CVE-2020-25667
2020-12-08 21:15:12
openvas
openvas
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2022-1731)
2022-05-25 00:00:00
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2022-1536)
2022-04-25 00:00:00
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2022-1570)
2022-04-25 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2022-1731)
2022-05-26 00:00:00
EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2022-1536)
2022-04-25 00:00:00
EulerOS 2.0 SP8 : ImageMagick (EulerOS-SA-2022-1570)
2022-04-25 00:00:00