CVE-2021-20224 An integer overflow was found in ImageMagick's 'ExportIndexQuantum' function. This could lead to values outside the range of 'unsigned char'.

CVE-2017-1116 has been assigned to this issue. A different integer overflow was found in the function GetPixelIndex in the same file. A crafted pdf could cause the function GetPixelIndex to access arbitrary memory locations, resulting in user-controlled memory execution. This has been assigned the CVE-2017-10961 identifier.

CVE-2017-9805 has been assigned to this issue. It was discovered that when running through a renderer with user privileges, the function GetQuantum in MagickCore/util.c could trigger an integer overflow resulting in a potentially exploitable denial of service.

CVE-2017-9806 has been assigned to this issue. It was discovered that when running through a renderer with user privileges, the function GetQuantum in MagickCore/util.c could trigger an integer overflow resulting in a potentially exploitable denial of service. This issue only affected version 7.0 and 7.1 of ImageMagick.

CVE-2017-9904 has been assigned to this issue. It was discovered that when running through a renderer with user privileges, the function GetQuantum in MagickCore/util.c could trigger an integer overflow resulting in a potentially exploitable denial of service.

CVE-2017-9905 has been assigned to this issue. It was discovered that when running through a renderer with user privileges, the function GetQuantum in MagickCore/util.c could trigger

Technical Description

The following table provides a summary of the CVEs assigned to this issue.

CVE # ___________________________________

CVE-2017-10961 ____________________________________________________________________

CVE-2017-10962 ____________________________________________________________________

CVE-2017-10963 ____________________________________________________________________

CVE-2017-9904 _____________________________________________________________________

Limitations and requirements of using ImageMagick  7.0.6 on Ubuntu

On some platforms, ImageMagick 7.0.6 may not be able to execute specially crafted files, which could cause a denial of service when using the function GetQuantum in MagickCore/util.c to process file metadata or OpenMP files with a malformed header which triggers an integer overflow leading to a potentially exploitable condition.

ImageMagick is on the CVE list because it has been assigned this number and because it contains vulnerabilities that can lead to crashes, code execution and elevation of privileges.

In conclusion, you need to make sure that your business is using the best method for advertising. And if you're looking for more information on how best to advertise on Facebook, read this article: https://www.entrepreneur.com/article/306617

Update Instructions

Upgrade to at least ImageMagick 7.0.7-1 (or to the latest 7.1.0-4), which address these vulnerabilities.

ImageMagick is a library of functions that support many common image processing tasks, such as resizing, flipping, or adding text or effects. The project has over 60 years of experience in delivering software tools for photographers, graphic artists, Web designers and developers and scientific researchers in areas like microscopy and remote sensing. It is used by over 180 million people around the world every day.
ImageMagick's core team consists of over 100 active contributors from more than 50 countries who work together via mailing lists and issue trackers on a volunteer basis while maintaining full-time jobs outside of ImageMagick.

Timeline

Published on: 08/25/2022 20:15:00 UTC
Last modified on: 08/29/2022 16:37:00 UTC

References

• https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6
• https://github.com/ImageMagick/ImageMagick/pull/3083
• https://github.com/ImageMagick/ImageMagick6/commit/553054c1cb1e4e05ec86237afef76a32cd7c464d
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20224