This flaw affects ImageMagick versions prior to 7.0.9-0. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero.
Published: Decem5:15:17 PM -0500Ī flaw was found in ImageMagick in MagickCore/gem-private.h. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer.
These issues could impact application availability or potentially cause other problems related to undefined behavior. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. This flaw affects ImageMagick versions prior to 7.0.8-68. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. Published: Decem5:15:17 PM -0500Ī flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h.
An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. A flaw was found in ImageMagick in MagickCore/quantum-export.c.
0 kommentar(er)
