TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1891613 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-12-08T20:57:59
Updated: 2020-12-08T20:57:59
Reserved: 2020-09-16T00:00:00
Link: CVE-2020-25667
JSON object: View
NVD Information
Status : Modified
Published: 2020-12-08T21:15:12.700
Modified: 2023-11-07T03:20:20.760
Link: CVE-2020-25667
JSON object: View
Redhat Information
No data.
CWE