| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
VCID-4zrw-tv4p-6fg3 |
| vulnerability_id |
VCID-4zrw-tv4p-6fg3 |
| summary |
ImageMagick has a heap-buffer-overflow in FTXT encoder
The FTXT encoder lacks a boundary check when parsing `ftxt:format`, resulting in an out of bounds read.
```
==3040863==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000085b2 at pc 0x606c1ee0c6ce bp 0x7ffee30d6150 sp 0x7ffee30d6148
READ of size 1 at 0x5020000085b2 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-w54j-7wpm-crhj
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4zrw-tv4p-6fg3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| url |
VCID-ayjc-27p7-xkfs |
| vulnerability_id |
VCID-ayjc-27p7-xkfs |
| summary |
ImageMagick has has a stack-buffer-overflow in MNG encoder with oversized pallete
The patch for GHSA-7h7q-j33q-hvpf was incomplete and still allows a stack buffer overflow for the multi frame images. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-98cp-rj9f-6v5g
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ayjc-27p7-xkfs |
|
| 8 |
| url |
VCID-bkhu-mtsz-wubs |
| vulnerability_id |
VCID-bkhu-mtsz-wubs |
| summary |
ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value
An unrecognized magnify:method will result in an out of bounds read in the magnify operation.
```
==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000b30
READ of size 4 at 0x61a000000b30 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-8vfj-q2cp-5m5j
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bkhu-mtsz-wubs |
|
| 9 |
|
| 10 |
| url |
VCID-es84-ey86-wkfp |
| vulnerability_id |
VCID-es84-ey86-wkfp |
| summary |
ImageMagick has has an off-by-one origin validation in allows out-of-bounds read in morphology processing
An incorrect morphology would allow an out of bounds read of a single pixel.
```
==1200284==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5100000002d0 at pc 0x59e28e60c27a bp 0x7fff047fd8e0 sp 0x7fff047fd8d0
READ of size 4 at 0x5100000002d0 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-q8h3-jv9v-57qx
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-es84-ey86-wkfp |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| url |
VCID-zdnb-14uw-xucc |
| vulnerability_id |
VCID-zdnb-14uw-xucc |
| summary |
ImageMagick has out-of-bounds access in ConnectedComponentsImage() via CLI-controlled connected-components:* artifacts
When the `connected-components:*` define specifies an invalid index and out of bound operation will result in an access violation. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-pmpg-6pww-fg6q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zdnb-14uw-xucc |
|