CVE-2020-25667

Published: 12/8/2020 Last updated: 8/4/2024 Reserved: 9/16/2020

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (1)

Product	Vendor	Version
ImageMagick	n/a	<= 6.7.*

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1891613
https://bugzilla.redhat.com/show_bug.cgi?id=1891613