Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-3745: https://github.com/ImageMagick/ImageMagick/issues/1857 · ImageMagick/ImageMagick6@b466a96

A heap-based buffer overflow issue was found in ImageMagick’s PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.

CVE
Open in Source
#vulnerability#dos#git#php#buffer_overflow

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
  • Pricing

Search code, repositories, users, issues, pull requests…

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

  • Notifications

  • Fork 72

  • Code

  • Issues 37

  • Pull requests

  • Discussions

  • Actions

  • Security

  • Insights

Commit

Permalink

Browse files

Browse the repository at this point in the history

https://github.com/ImageMagick/ImageMagick/issues/1857

  • Loading branch information

Cristy committed

Mar 2, 2020

1 parent f7d9c71 commit b466a96

Showing 2 changed files with 4 additions and 0 deletions.

  • ChangeLog
    • tiff.c

2 changes: 2 additions & 0 deletions ChangeLog

Expand Up

@@ -4,6 +4,8 @@

2020-03-01 6.9.11-0 Cristy <quetzlzacatenango@image…>

* Label text no longer gets cut-off (reference

https://imagemagick.org/discourse-server/viewtopic.php?f=1&t=37621).

* Prevent heap overflow (reference

https://github.com/ImageMagick/ImageMagick/issues/1857).

2020-02-29 6.9.10-97 Cristy <quetzlzacatenango@image…>

* Release ImageMagick version 6.9.10-97, GIT revision 15453:0537c847b:20200229

Expand Down

2 changes: 2 additions & 0 deletions coders/tiff.c

Expand Up

@@ -1834,6 +1834,8 @@ RestoreMSCWarning

Convert stripped TIFF image.

*/

extent=TIFFStripSize(tiff)+sizeof(uint32);

if (photometric == PHOTOMETRIC_YCBCR)

extent<<=1;

strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,

sizeof(*strip_pixels));

if (strip_pixels == (unsigned char *) NULL)

Expand Down

0 comments on commit b466a96

Please sign in to comment.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE