Home > Vulnerability Database > CVE-2020-25663

Mend.io Vulnerability Database

CVE-2020-25663

Good to know:

Date: December 8, 2020

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.

Language: C

Severity Score

5.5

Related Resources (7)

Url: https://github.com/ImageMagick/ImageMagick/issues/1723#issuecomment-718275153

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-25663

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1891601

Url: https://access.redhat.com/security/cve/CVE-2020-25663

Url: https://github.com/ImageMagick/ImageMagick/issues/1723

Url: https://github.com/ImageMagick/ImageMagick/commit/a47e7a994766b92b10d4a87df8c1c890c8b170f3

Url: https://www.mend.io/vulnerability-database/CVE-2020-25663

Severity Score

5.5

Weakness Type (CWE)

Use After Free

CWE-416

Top Fix

Upgrade Version

Upgrade to version 7.0.9-0

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-25663

Good to know:

Date: December 8, 2020

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?