Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ImageMagick BlobStream Forward-Seek Under-Allocation
Vulnerability Description
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
跨界内存写
Vulnerability Title
ImageMagick 缓冲区错误漏洞
Vulnerability Description
ImageMagick是ImageMagick开源的一套开源的图像处理软件。可读取、转换或写入多种格式的图片。 ImageMagick 14.8.2之前版本存在缓冲区错误漏洞,该漏洞源于SeekBlob和WriteBlob函数不安全,可能导致堆写入攻击。
CVSS Information
N/A
Vulnerability Type
N/A