Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.0199
Percentile: 0.8283
CVSS Scoring
CVSS v3.1 Score: 7.8
Severity: HIGH
Mapped CWE(s)
CWE-681: Incorrect Conversion between Numeric Types