Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS Information
N/A
Vulnerability Type
释放后使用
Vulnerability Title
Imagemagick Studio ImageMagick 资源管理错误漏洞
Vulnerability Description
Imagemagick Studio ImageMagick是美国ImageMagick Studio(Imagemagick Studio)公司的一套开源的图像处理软件。该软件可读取、转换或写入多种格式的图片。 ImageMagick 7.0.9-0之前版本存在资源管理错误漏洞,该漏洞源于当调用GetPixelRed()或GetPixelBlue()时,在MagickCore channel.c的SetImageAlphaChannel()例程中调用ConformPixelInfo()会导致随后的堆-u
CVSS Information
N/A
Vulnerability Type
N/A