In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior in the form of integer overflow and out-of-range values, as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.

In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior.

Published: Decem5:15:17 PM -0500
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.

Published: Decem5:15:18 PM -0500
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type.

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions.
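The two mitigations these entries describe, constraining a pixel offset before it is converted to an integer and multiplying by a guarded reciprocal instead of dividing, are sketched below as an added C example that is not ImageMagick's code. The names `constrain_offset`, `safe_reciprocal` and `aspect_ratio` and the `EPSILON` threshold are hypothetical, chosen for illustration.

```c
#include <limits.h>
#include <math.h>
#include <stdio.h>

#define EPSILON 1.0e-12   /* assumed threshold, chosen for this example */

/* Floor a double into a long without undefined behavior: NaN and values
   outside the range of long are pinned before the conversion happens. */
static long constrain_offset(double x)
{
  long n;

  if (isnan(x))
    return 0;
  if (x <= (double) LONG_MIN)
    return LONG_MIN;
  if (x >= (double) LONG_MAX)
    return LONG_MAX;
  n = (long) x;            /* in range, so the conversion is defined */
  if ((double) n > x)      /* truncation rounds toward zero; fix negatives */
    n--;
  return n;
}

/* Reciprocal that never divides by a magnitude smaller than EPSILON. */
static double safe_reciprocal(double x)
{
  double sign = x < 0.0 ? -1.0 : 1.0;

  if (sign * x >= EPSILON)
    return 1.0 / x;
  return sign / EPSILON;
}

/* width / height rewritten as a multiplication, so a zero height taken
   from a crafted geometry gives a large finite result, not a divide by zero. */
static double aspect_ratio(double width, double height)
{
  return width * safe_reciprocal(height);
}

int main(void)
{
  /* Constructed inputs: an absurd offset and a zero image height. */
  printf("offset: %ld\n", constrain_offset(1.0e300));
  printf("ratio:  %g\n", aspect_ratio(640.0, 0.0));
  return 0;
}
```

Building the unguarded equivalents with `-fsanitize=undefined,float-cast-overflow,float-divide-by-zero` reproduces the class of reports the entries attribute to UndefinedBehaviorSanitizer.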