virus logo FortiClient Vulnerability

ImageMagick CVE-2020-25663 Use After Free Vulnerability

description-logoDescription

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.

affected-products-logoAffected Applications

ImageMagick

CVE References

CVE-2020-25663

Other References

https://github.com/ImageMagick/ImageMagick/issues
ID 65952
Created Dec 13, 2020
Description
Updated		 Dec 15, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor ImageMagick
Patch manual
Application ImageMagick