Information Disclosure and Denial of Service
Summary
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service. A flaw was found in ImageMagick. This heap buffer overflow vulnerability, identified as CWE-122 (Heap-based Buffer Overflow), occurs in the magnify operation when processing an unrecognized `magnify:method` value. An attacker could exploit this by providing a specially crafted input, leading to an out-of-bounds read. This could potentially expose sensitive information or cause a denial of service (DoS) to the system. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H). Weakness: CWE-125. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
- < 7.1.2-19
Official advisory · high-confidence parse· fetched 1 hour ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 1 hour ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.