Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
ImageMagick <= 7.0.8-50 Multiple Vulnerabilities (Mac OS X)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
ImageMagick is prone to multiple vulnerabilities.
Insight
Insight
Following vulnerabilities exist: - Heap-based buffer over-read at MagickCore/threshold in AdaptiveThresholdImage because a width of zero is mishandled. - Direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. - Heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. - Heap-based buffer over-read at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. - Heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. - Heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. - Memory leaks in AcquireMagickMemory because of an AnnotateImage error. - Heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. - Heap-based buffer over-read in MagickCore/composite.c in CompositeImages. - Stack-based buffer overflow at coders/pnm.c in WritePNMImage because of mispalces assignment. - Stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. - Stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. - Heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. - Heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. - Memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. - Memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. - Memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. - ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
Affected Software
Affected Software
ImageMagick through version 7.0.8-50.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 7.0.8-51.
Common Vulnerabilities and Exposures (CVE)
References
- https://github.com/ImageMagick/ImageMagick/issues/1609
- https://github.com/ImageMagick/ImageMagick/issues/1611
- https://github.com/ImageMagick/ImageMagick/issues/1610
- https://github.com/ImageMagick/ImageMagick/issues/1608
- https://github.com/ImageMagick/ImageMagick/issues/1604
- https://github.com/ImageMagick/ImageMagick/issues/1586
- https://github.com/ImageMagick/ImageMagick/issues/1585
- https://github.com/ImageMagick/ImageMagick/issues/1589
- https://github.com/ImageMagick/ImageMagick/issues/1597
- https://github.com/ImageMagick/ImageMagick/issues/1603
- https://github.com/ImageMagick/ImageMagick/issues/1614
- https://github.com/ImageMagick/ImageMagick/issues/1613
- https://github.com/ImageMagick/ImageMagick/issues/1612
- https://github.com/ImageMagick/ImageMagick/issues/1615
- https://github.com/ImageMagick/ImageMagick/issues/1595
- https://github.com/ImageMagick/ImageMagick/issues/1616
- https://github.com/ImageMagick/ImageMagick/issues/1623
- https://github.com/ImageMagick/ImageMagick/issues/1588