Bugzilla – Bug 1179218
VUL-0: CVE-2020-25667: ImageMagick: heap-based buffer overflow in TIFFGetProfiles
Last modified: 2020-12-09 14:35:23 UTC
In ImageMagick 7.0.8-68 there is a heap-buffer-overflow at coders/tiff.c in TIFFGetProfiles.
Seems that the issue was introduced in 7.0.8-63 and 6.9.10-63. Based on this, none of our codestreams are affected. Unfortunately, the POC is not available to cross-check. It would be beneficial if you, Petr, could also confirm.
Yes. If I get that correctly, profile is not guaranteed to be a null terminated string and strstr() goes beyond it.
Closing as fixed (in Factory).
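The defect class described in the thread above, a length-delimited profile searched with strstr(), contrasted with a search that honours the length. This is an added example, not code from ImageMagick or from the bug report; `bounded_find`, `unbounded_find`, the sample bytes and the `fmt=dng` marker are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an ImageMagick function): find needle in the first
   len bytes of buf without ever reading buf[len] or beyond. Returns the match
   offset, or -1 when the needle does not fit entirely inside the buffer. */
static long bounded_find(const unsigned char *buf, size_t len, const char *needle)
{
  size_t n = strlen(needle);
  if (n == 0)
    return 0;
  if (buf == NULL || len < n)
    return -1;
  for (size_t i = 0; i + n <= len; i++)
    if (buf[i] == (unsigned char) needle[0] && memcmp(buf + i, needle, n) == 0)
      return (long) i;
  return -1;
}

/* Constructed sample: the "profile" is only the first PROFILE_LEN bytes and
   has no terminating NUL of its own. The bytes after it stand in for whatever
   follows the allocation on the heap. The array as a whole is NUL-terminated
   only so that this demo stays well defined; a real heap block gives no such
   guarantee, which is why strstr() can run off its end. */
static const unsigned char region[] = "<x:meta fmt=dng-tail-outside-profile";
#define PROFILE_LEN 12  /* covers exactly "<x:meta fmt=" */

/* Unbounded search: the result depends on bytes past the profile's end. */
static long unbounded_find(const char *needle)
{
  const char *hit = strstr((const char *) region, needle);
  return hit ? (long) (hit - (const char *) region) : -1;
}

int main(void)
{
  printf("strstr, whole region:     %ld\n", unbounded_find("fmt=dng"));
  printf("bounded, needle straddles: %ld\n",
         bounded_find(region, PROFILE_LEN, "fmt=dng"));
  printf("bounded, needle inside:    %ld\n",
         bounded_find(region, PROFILE_LEN, "fmt="));
  return 0;
}
```

The straddling case is the one to test for: the unbounded search reports a match that only exists because it read past the declared length, while the bounded search rejects it.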