Package Instance

ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write
An integer overflow in DIB coder can result in out of bounds read or write

ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder
A heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file.

```
=================================================================
==1500633==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000011550 at pc 0x5612583fa212 bp 0x7ffedb86d160 sp 0x7ffedb86d150
READ of size 8 at 0x527000011550 thread T0
```

ImageMagick has Heap Buffer Over-Read in BilateralBlurImage
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur.

```
=================================================================
==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370
READ of size 4 at 0x50a0000079c0 thread T0
```

ImageMagick has a Path Policy TOCTOU symlink race bypass
`domain="path"` authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write.

ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder
In MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read.

```
=================================================================
==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70
READ of size 8 at 0x506000003b40 thread T0
```

ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder
An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.

ImageMagick has stack buffer overflow in MagnifyImage
MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.

ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder
An overflow on  32-bit systems can cause a crash in the SFW decoder when processing extremely large images.

ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays
A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.

ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder
An extremely large image profile could result in a heap overflow when encoding a PNG image.

ImageMagick has uninitialized pointer dereference in JBIG decoder
An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check.