Skip to main content

Out-of-bounds Write

CVE-2020-25664

Severity Medium
Score 6.1/10

Summary

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick-6.x versions prior to 6.9.10-68 & above 6.9.11-47 and ImageMagick-7.x prior to 7.0.8-68.

  • LOW
  • LOCAL
  • LOW
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • HIGH

CWE-787 - Out-of-Bounds Write

Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.

Advisory Timeline

  • Published