CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
34.6%
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an
improper exit condition that can allow an out-of-bounds READ via
heap-buffer-overflow. This occurs because it is possible for the colormap
to have less than 256 valid values but the loop condition will loop 256
times, attempting to pass invalid colormap data to the event logger. The
patch replaces the hardcoded 256 value with a call to MagickMin() to ensure
the proper value is used. This could impact application availability when a
specially crafted input file is processed by ImageMagick. This flaw affects
ImageMagick versions prior to 7.0.8-68.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | imagemagick | < 8:6.9.7.4+dfsg-16ubuntu6.11 | UNKNOWN |
ubuntu | 20.04 | noarch | imagemagick | < 8:6.9.10.23+dfsg-2.1ubuntu11.4 | UNKNOWN |
ubuntu | 20.10 | noarch | imagemagick | < 8:6.9.10.23+dfsg-2.1ubuntu13.3 | UNKNOWN |
ubuntu | 14.04 | noarch | imagemagick | < any | UNKNOWN |
ubuntu | 16.04 | noarch | imagemagick | < 8:6.8.9.9-7ubuntu5.16+esm2 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
34.6%