The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
A stack-based buffer overflow and unconditional jump in function ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7 allows for an out-of-bounds-write.
Watch the video to learn more about this and other important vulnerabilities.
The CVSS Base score of this vulnerability is 7.8 High ( CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
ImageMagick 7.0.10-7 Q16 x86_64 2020-04-10
This vulnerability was a consequence of an incomplete fix for vulnerability in CVE-2019-1003005. It appears to have been found by Jenkins directly.
ImageMagick® is a popular open source tool that is used to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. ImageMagick can resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves. This vulnerability will allow an attacker to perform a variety of actions such as crash the server or perform remote code execution on the victim machine. A publicly available exploit is posted here.
The Virsec Security Platform (VSP)- Web can detect and protect against buffer overflow vulnerability and can save its customers from this type of attack.
Download the full vulnerability report to learn more about this and other important vulnerabilities.
Jump to: List of CVE Vulnerabilities