GHSA-p863-5fgm-rgq4
ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image
상세
A NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in Denial of Service.
``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==3704942==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x7f9d141239e0 bp 0x7ffd4c5711e0 sp 0x7ffd4c571148 T0) #0 0x7f9d141239e0 (/lib/x86_64-linux-gnu/libc.so.6+0xc49e0) #1 0x558a25e4f08d in ClonePixelCacheRepository._omp_fn.0 MagickCore/cache.c:784 #2 0x7f9d14c06a15 in GOMP_parallel (/lib/x86_64-linux-gnu/libgomp.so.1+0x14a15) #3 0x558a25e43151 in ClonePixelCacheRepository MagickCore/cache.c:753 #4 0x558a25e49a96 in OpenPixelCache MagickCore/cache.c:3849 #5 0x558a25e45117 in GetImagePixelCache MagickCore/cache.c:1829 #6 0x558a25e4dde3 in SyncImagePixelCache MagickCore/cache.c:5647 #7 0x558a256ba57d in SetImageExtent MagickCore/image.c:2713 ```
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-AnyCPU --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-HDRI-AnyCPU --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-HDRI-OpenMP-arm64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-HDRI-OpenMP-x64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-HDRI-arm64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-HDRI-x64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-HDRI-x86 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-OpenMP-arm64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-OpenMP-x64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-OpenMP-x86 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-arm64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-x64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q16-x86 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q8-AnyCPU --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q8-OpenMP-arm64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q8-OpenMP-x64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q8-arm64 --version 14.10.3 0 수정 버전: 14.10.3 dotnet add package Magick.NET-Q8-x86 --version 14.10.3 참고
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-25798 [ADVISORY]
- https://github.com/ImageMagick/ImageMagick/issues/8567 [WEB]
- https://github.com/ImageMagick/ImageMagick/commit/e046417675d5c26e5f48816851a406c121c77469 [WEB]
- https://github.com/ImageMagick/ImageMagick [PACKAGE]
- https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3 [WEB]