ImageMagick - Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact
Summary
ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of service or potential code execution. By passing malformed connected-components definitions through the CLI, an attacker can cause a denial of service or potentially execute arbitrary code. Exploitation requires local user interaction via the CLI and can result in a denial of service or arbitrary code execution. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
- < 7.1.2-19
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Prevent the injection of malformed -connected-components flags by strictly sanitizing all user-supplied CLI input in backend applications. Additionally, if automated ImageMagick processing is not required, restrict execution permissions on the binaries to trusted administrative groups.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.