PublicDateAtUSN: 2020-12-08 22:15:00 UTC
Candidate: CVE-2020-25674
PublicDate: 2020-12-08 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25674
 https://ubuntu.com/security/notices/USN-4988-1
 https://ubuntu.com/security/notices/USN-5335-1
Description:
 WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an
 improper exit condition that can allow an out-of-bounds READ via
 heap-buffer-overflow. This occurs because it is possible for the colormap
 to have less than 256 valid values but the loop condition will loop 256
 times, attempting to pass invalid colormap data to the event logger. The
 patch replaces the hardcoded 256 value with a call to MagickMin() to ensure
 the proper value is used. This could impact application availability when a
 specially crafted input file is processed by ImageMagick. This flaw affects
 ImageMagick versions prior to 7.0.8-68.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/ImageMagick/ImageMagick/issues/1715
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_imagemagick:
 upstream: https://github.com/ImageMagick/ImageMagick6/commit/2fdff8e040cd4401498d89f3c3d1f89cffd118b0
upstream_imagemagick: released (8:6.9.11.24+dfsg-1)
precise/esm_imagemagick: DNE
trusty_imagemagick: ignored (out of standard support)
trusty/esm_imagemagick: DNE
xenial_imagemagick: ignored (end of standard support, was needs-triage)
esm-infra/xenial_imagemagick: released (8:6.8.9.9-7ubuntu5.16+esm2)
bionic_imagemagick: released (8:6.9.7.4+dfsg-16ubuntu6.11)
focal_imagemagick: released (8:6.9.10.23+dfsg-2.1ubuntu11.4)
groovy_imagemagick: released (8:6.9.10.23+dfsg-2.1ubuntu13.3)
hirsute_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
impish_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
jammy_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
devel_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)