Lucene search
+L

5 matches found

OSV
OSV
added 2020/12/08 9:15 p.m.19 views

CVE-2020-25667

TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...

5.5CVSS6.3AI score
Exploits0References1
NVD
NVD
added 2020/12/08 9:15 p.m.23 views

CVE-2020-25667

TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...

5.5CVSS5.4AI score0.01095EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2020/12/08 8:57 p.m.38 views

CVE-2020-25667

TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...

5.5CVSS5.8AI score0.01095EPSS
Exploits1
Cvelist
Cvelist
added 2020/12/08 8:57 p.m.24 views

CVE-2020-25667

TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...

5.2AI score0.01095EPSS
Exploits1References1
CVE
CVE
added 2020/12/08 8:57 p.m.64 views

CVE-2020-25667

CVE-2020-25667 affects ImageMagick versions prior to 7.0.9-0. The vulnerability arises in TIFFGetProfiles() in /coders/tiff.c, where a misused strstr() can cause a large out-of-bounds read while locating the string dc:format="image/dng" in a profile, provided a crafted input file is processed. Th...

5.5CVSS5.1AI score0.01095EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder