Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Ma…
Summary
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex. This vulnerability in ImageMagick is rated as Low impact. Exploitation requires an attacker to trigger these specific resource exhaustion conditions, which limits the practical attack surface and reduces the overall risk of information disclosure on standard Red Hat deployments. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L). Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
- < 7.1.2-15
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Isolate ImageMagick tasks by running them inside unprivileged containers (such as Podman) with strict SELinux confinement. Alternatively, sanitize untrusted files using an intermediate script to strip complex metadata before passing them to ImageMagick.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.