Bugzilla – Bug 1179218
VUL-0: CVE-2020-25667: ImageMagick: heap-based buffer overflow in TIFFGetProfiles
Last modified: 2020-12-09 14:35:23 UTC
CVE-2020-25667: In ImageMagick 7.0.8-68 there is a heap-buffer-overflow at coders/tiff.c in TIFFGetProfiles.

Reference: https://github.com/ImageMagick/ImageMagick/issues/1748
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/986b5dff173413fa712db27eb677cdef15f0bab6

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1891613
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25667
Seems that the issue was introduced in 7.0.8-63 [1] and 6.9.10-63 [2]. Based on this, none of our codestreams is affected. Unfortunately the PoC is not available to cross-check. It would be beneficial if you, Petr, could also confirm.

[1] https://github.com/ImageMagick/ImageMagick/commit/77ad22e52c79102b2258ec9fcd6d86901da280ca
[2] https://github.com/ImageMagick/ImageMagick6/commit/9246c8b7cbc8bef737bb0ad63c3e6f51cfaad6c0
Yes. If I get that correctly, profile is not guaranteed to be a NUL-terminated string and strstr() goes beyond it. Closing as fixed (in Factory).
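The bug class described in the comment above, as an added example that is not part of this bug report and not ImageMagick's own code: a TIFF tag payload (such as an XMP packet) comes back from the reader as a (pointer, length) pair with no trailing NUL, so searching it with strstr() reads past the end of the heap allocation. The marker string searched for, the function names and the constructed packets below are assumptions for illustration only; the fix shown is a generic length-bounded search, not the text of the upstream patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not ImageMagick's code. The "needle" stands in for
   whatever substring a decoder looks for inside a tag payload. */

/* UNSAFE pattern (the bug class): strstr() assumes a NUL-terminated
   string. On a buffer of exactly `len` bytes with no terminator it keeps
   scanning past the end of the allocation: a heap buffer over-read. */
int unsafe_contains(const unsigned char *profile, const char *needle)
{
    return strstr((const char *) profile, needle) != NULL;
}

/* FIXED: length-bounded search. Never touches profile[len] or beyond,
   and is not cut short by an embedded NUL inside the packet. */
int bounded_contains(const unsigned char *profile, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0)
        return 1;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(profile + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Alternative fix when strstr() must stay: copy into a buffer one byte
   longer and terminate it explicitly. Returns -1 on allocation failure.
   Note that an embedded NUL still ends the search early. */
int terminated_contains(const unsigned char *profile, size_t len, const char *needle)
{
    char *copy = malloc(len + 1);
    int found;
    if (copy == NULL)
        return -1;
    memcpy(copy, profile, len);
    copy[len] = '\0';
    found = strstr(copy, needle) != NULL;
    free(copy);
    return found;
}

/* Build a heap buffer of exactly `len` bytes from `src` with no NUL
   appended, the way tag data is handed back by a reader. Caller frees. */
unsigned char *make_profile(const char *src, size_t len)
{
    unsigned char *p = malloc(len);
    if (p != NULL)
        memcpy(p, src, len);
    return p;
}

int main(void)
{
    const char *needle = "dc:format=\"image/dng\"";   /* constructed marker */

    /* Packet that ends mid-marker: 19 bytes, no terminator. */
    unsigned char *truncated = make_profile("<x:xmpmeta dc:forma", 19);
    /* Packet that really contains the marker. */
    const char *full_src = "<x:xmpmeta dc:format=\"image/dng\"/>";
    unsigned char *full = make_profile(full_src, strlen(full_src));
    /* Packet with an embedded NUL before the marker: 2 + 1 + 21 bytes. */
    unsigned char *embedded = make_profile("ab\0dc:format=\"image/dng\"", 24);

    printf("bounded    truncated: %d\n", bounded_contains(truncated, 19, needle));
    printf("bounded    complete : %d\n", bounded_contains(full, strlen(full_src), needle));
    printf("bounded    embedded : %d\n", bounded_contains(embedded, 24, needle));
    printf("terminated embedded : %d\n", terminated_contains(embedded, 24, needle));
    /* unsafe_contains(truncated, needle) would read past truncated[18];
       build with -fsanitize=address to see the heap-buffer-overflow report. */

    free(truncated);
    free(full);
    free(embedded);
    return 0;
}
```

The bounded search is the one to prefer: it needs no extra allocation, and a packet that happens to contain a NUL byte before the marker is still searched in full, whereas any strstr()-based approach stops at that byte.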