redhatcve | Redhat.com | RH:CVE-2020-25663
Nov 24, 2020 - 7:23 p.m.

CVE-2020-25663

2020-11-24 19:23:59
redhat.com
access.redhat.com
cve-2020-25663
conformpixelinfo
setimagealphachannel
imagemagick
heap-use-after-free
heap-buffer-overflow
denial of service
system availability

EPSS: 0.001
Percentile: 46.7%

A flaw was found during a call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c. This issue causes a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue()[1] is called. This flaw can occur when an attacker can submit a malicious image file to be processed by ImageMagick and could lead to a denial of service. The highest threat from this vulnerability is to system availability.
