Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions
Vulnerability Description
ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
ImageMagick 输入验证错误漏洞
Vulnerability Description
ImageMagick是ImageMagick开源的一套开源的图像处理软件。可读取、转换或写入多种格式的图片。 ImageMagick 7.1.2-15之前版本存在输入验证错误漏洞,该漏洞源于WriteUHDRImage函数中整数乘法溢出导致堆分配不足和越界写入,可能导致进程崩溃或越界堆写入。
CVSS Information
N/A
Vulnerability Type
N/A