Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

ImageMagick <= 7.0.8-50 Multiple Vulnerabilities (Linux)

Information

Severity

Severity

Medium

Family

Family

General

CVSSv2 Base

CVSSv2 Base

6.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

4 years ago

Modified

Modified

4 years ago

Summary

ImageMagick is prone to multiple vulnerabilities.

Insight

Insight

Following vulnerabilities exist: - Heap-based buffer over-read at MagickCore/threshold in AdaptiveThresholdImage because a width of zero is mishandled. - Direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. - Heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. - Heap-based buffer over-read at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. - Heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. - Heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. - Memory leaks in AcquireMagickMemory because of an AnnotateImage error. - Heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. - Heap-based buffer over-read in MagickCore/composite.c in CompositeImages. - Stack-based buffer overflow at coders/pnm.c in WritePNMImage because of mispalces assignment. - Stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. - Stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. - Heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. - Heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. - Memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. - Memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. - Memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. - ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.

Affected Software

Affected Software

ImageMagick through version 7.0.8-50.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 7.0.8-51.