
Debian 10 Buster DLA-3357-1 Critical: Imagemagick Privilege Escalation

Debian LTS
March 11, 2023
Several vulnerabilities have been discovered in imagemagick that may lead to privilege escalation, denial of service or information leaks.

Summary

CVE-2020-19667

A stack-based buffer overflow and unconditional jump was found in
ReadXPMImage in coders/xpm.c

CVE-2020-25665

An out-of-bounds read in the PALM image coder was found in
WritePALMImage in coders/palm.c

CVE-2020-25666

An integer overflow was possible during simple math
calculations in HistogramCompare() in MagickCore/histogram.c

CVE-2020-25674

A for loop with an improper exit condition was found that can
allow an out-of-bounds READ via heap-buffer-overflow in
WriteOnePNGImage from coders/png.c

CVE-2020-25675

An undefined behavior was found in the form of integer overflow
and out-of-range values as a result of rounding calculations
performed on unconstrained pixel offsets in the CropImage()
and CropImageToTiles() routines of MagickCore/transform.c

CVE-2020-25676

An undefined behavior was found in the form of integer overflow
and out-of-range values as a result of rounding calculations



Severity: critical

Package: imagemagick
Version: 8:6.9.10.23+dfsg-2.1+deb10u2
CVE ID: CVE-2020-19667 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674
Debian Bug: 1027164 1030767
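As an added example that is not part of the advisory, the block below is a Python port of dpkg's version ordering, used to check whether an installed imagemagick package is at or above the fixed version listed above; the inventory lines are constructed for the demo, and the function and constant names are the example's own.

```python
# Added example, not from the advisory: a port of dpkg's version ordering,
# used to check whether an installed imagemagick carries the DLA-3357-1 fix.
import re
from itertools import zip_longest

FIXED_VERSION = "8:6.9.10.23+dfsg-2.1+deb10u2"  # fixed version from the advisory
SAMPLE_INVENTORY = (  # constructed "host package version" lines, not real hosts
    "web1 imagemagick 8:6.9.10.23+dfsg-2.1+deb10u1",
    "web2 imagemagick 8:6.9.10.23+dfsg-2.1+deb10u2",
    "web3 imagemagick 8:6.9.11.60+dfsg-1.3",
)

def _order(c):
    # dpkg weight of a non-digit char: '~' < end of string (0) < letters < symbols.
    return ord(c) if c.isalpha() else -1 if c == "~" else ord(c) + 256

def _verrevcmp(a, b):
    # Port of dpkg's verrevcmp(): each string becomes alternating (non-digit run,
    # digit run) pairs; non-digit runs compare by _order, digit runs numerically.
    pairs = [re.findall(r"(\D*)(\d*)", s) for s in (a, b)]
    for (sa, da), (sb, db) in zip_longest(*pairs, fillvalue=("", "")):
        for ca, cb in zip_longest(map(_order, sa), map(_order, sb), fillvalue=0):
            if ca != cb:
                return ca - cb
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return na - nb
    return 0

def _split(version):
    # "[epoch:]upstream[-revision]"; the revision follows the LAST hyphen.
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    # Returns -1, 0 or 1, matching `dpkg --compare-versions a lt|eq|gt b`.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    for c in (ea - eb, _verrevcmp(ua, ub), _verrevcmp(ra, rb)):
        if c:
            return 1 if c > 0 else -1
    return 0

def is_fixed(installed, fixed=FIXED_VERSION):
    return compare_versions(installed, fixed) >= 0

def unfixed_hosts(lines=SAMPLE_INVENTORY, fixed=FIXED_VERSION):
    # Hosts whose installed imagemagick still sorts below the fixed version.
    return [h for h, _, v in (l.split() for l in lines) if not is_fixed(v, fixed)]
```

On a real host the same check is `dpkg --compare-versions "$(dpkg-query -W -f '${Version}' imagemagick)" ge 8:6.9.10.23+dfsg-2.1+deb10u2`; the port above is for checking collected inventories offline.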
