Home

CVE-2020-25665

Description

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.313

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Imagemagic (x64) 7.0.8Windows
Multiple Vulnerabilities are affected in Imagemagic 7.0.8Windows
Multiple Vulnerabilities are affected in ImageMagick 7.0.8Windows
SUSE-SU-2021:0199-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-config-6-SUSE-6.8.8.1-71.154.1.x86_64.rpmLinux
SUSE-SU-2021:0199-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-config-6-upstream-6.8.8.1-71.154.1.x86_64.rpmLinux
SUSE-SU-2021:0199-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-debuginfo-6.8.8.1-71.154.1.x86_64.rpmLinux
SUSE-SU-2021:0199-1(SUSE Linux Enterprise Server 12-SP5 ) ImageMagick-debugsource-6.8.8.1-71.154.1.x86_64.rpmLinux
SUSE-SU-2021:0199-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickCore-6_Q16-1-6.8.8.1-71.154.1.x86_64.rpmLinux
SUSE-SU-2021:0199-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1.x86_64.rpmLinux
SUSE-SU-2021:0199-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickWand-6_Q16-1-6.8.8.1-71.154.1.x86_64.rpmLinux
SUSE-SU-2021:0199-1(SUSE Linux Enterprise Server 12-SP5 ) libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1.x86_64.rpmLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.7.4+dfsg-16ubuntu6.11_i386.debLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.7.4+dfsg-16ubuntu6.11_amd64.debLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.10.23+dfsg-2.1ubuntu11.4_i386.debLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.10.23+dfsg-2.1ubuntu11.4_amd64.debLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.10.23+dfsg-2.1ubuntu13.3_i386.debLinux
Image manipulation programs and library (USN-4988-1) imagemagick_6.9.10.23+dfsg-2.1ubuntu13.3_amd64.debLinux
Image manipulation programs and library (USN-4988-1) libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.4_i386.debLinux
Image manipulation programs and library (USN-4988-1) libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu11.4_amd64.debLinux
Image manipulation programs and library (USN-4988-1) libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu13.3_i386.debLinux
Image manipulation programs and library (USN-4988-1) libmagick++-6.q16-8_6.9.10.23+dfsg-2.1ubuntu13.3_amd64.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.4_i386.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu11.4_amd64.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu13.3_i386.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-6_6.9.10.23+dfsg-2.1ubuntu13.3_amd64.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-3_6.9.7.4+dfsg-16ubuntu6.11_i386.debLinux
Image manipulation programs and library (USN-4988-1) libmagickcore-6.q16-3_6.9.7.4+dfsg-16ubuntu6.11_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234