GHSA-6hjr-v6g4-3fm8
ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only)
상세
### Summary The TIM (PSX TIM) image parser in ImageMagick contains a critical integer overflow vulnerability in the `ReadTIMImage` function (`coders/tim.c`). The code reads `width` and `height` (16-bit values) from the file header and calculates `image_size = 2 * width * height` without checking for overflow. On 32-bit systems (or where `size_t` is 32-bit), this calculation can overflow if `width` and `height` are large (e.g., 65535), wrapping around to a small value. This results in a small heap allocation via `AcquireQuantumMemory` and later operations relying on the dimensions can trigger an out of bounds read. ### Vulnerable Code File: `coders/tim.c` ```c width=ReadBlobLSBShort(image); height=ReadBlobLSBShort(image); image_size=2*width*height; // Line 234 - NO OVERFLOW CHECK! ```
### Impact This vulnerability can lead to Arbitrary Memory Disclosure due to an out of bounds read on 32-bit systems.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
0 수정 버전: 14.10.0 dotnet add package Magick.NET-Q16-AnyCPU --version 14.10.0 0 수정 버전: 14.10.0 dotnet add package Magick.NET-Q16-HDRI-AnyCPU --version 14.10.0 0 수정 버전: 14.10.0 dotnet add package Magick.NET-Q16-HDRI-x86 --version 14.10.0 0 수정 버전: 14.10.0 dotnet add package Magick.NET-Q16-x86 --version 14.10.0 0 수정 버전: 14.10.0 dotnet add package Magick.NET-Q8-AnyCPU --version 14.10.0 0 수정 버전: 14.10.0 dotnet add package Magick.NET-Q8-x86 --version 14.10.0