ImageMagick Heap-Buffer Overflow Vulnerability in MNG Image Handling Prior to 7.1.2-1

Vulnerability

A heap-buffer overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-1. The issue arises in the 'ReadOneMNGImage' function within the PNG coder, specifically when processing images with separate alpha channels during magnification. This vulnerability can potentially be exploited to leak memory contents into the output image.

Impact

Exploitation of this vulnerability can lead to a heap-buffer overflow, allowing for memory corruption and potential arbitrary code execution.

Reproduction

The vulnerability can be reproduced by creating a malicious MNG file that includes a separate alpha channel and then using ImageMagick to magnify the image. This can be done with a Python script that generates the MNG file, which is then processed by the ImageMagick command-line tool.

Remediation

Users should upgrade to ImageMagick version 7.1.2-1 or later.
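
To confirm that a host meets this remediation, the following added example (not part of the advisory and not ImageMagick project code) parses the banner printed by `magick -version` and compares it field by field against 7.1.2-1. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an ImageMagick version banner with the fixed release.
FIXED="7.1.2-1"   # first fixed release, taken from the advisory text

# Pull "X.Y.Z-P" out of the "Version: ImageMagick ..." banner line read on stdin.
im_version_from_banner() {
    sed -n 's/^Version: ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Exit 0 when version $1 >= version $2. The four fields are compared as
# numbers, so 7.1.10-0 sorts after 7.1.2-1 (a string compare would not).
im_version_ge() {
    set -- $(printf '%s %s' "$1" "$2" | sed 's/[.-]/ /g')
    [ "$#" -eq 8 ] || return 2
    if [ "$1" -ne "$5" ]; then [ "$1" -gt "$5" ]; return; fi
    if [ "$2" -ne "$6" ]; then [ "$2" -gt "$6" ]; return; fi
    if [ "$3" -ne "$7" ]; then [ "$3" -gt "$7" ]; return; fi
    [ "$4" -ge "$8" ]
}

# Print a verdict for a banner passed as $1.
# Exit status: 0 patched, 1 below the fixed release, 2 banner not recognised.
im_check() {
    v=$(printf '%s\n' "$1" | im_version_from_banner)
    [ -n "$v" ] || { echo "unknown"; return 2; }
    if im_version_ge "$v" "$FIXED"; then
        echo "patched $v"
    else
        echo "vulnerable $v"
        return 1
    fi
}

# Constructed sample banners (not captured from a real host).
for b in \
    "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 https://imagemagick.org" \
    "Version: ImageMagick 7.1.2-1 Q16-HDRI x86_64 https://imagemagick.org" \
    "Version: ImageMagick 7.1.10-0 Q16-HDRI x86_64 https://imagemagick.org"
do
    im_check "$b" || true
done

# On a real host: im_check "$(magick -version)"
```

The check applies the advisory's single threshold to whatever banner it is given. Distribution packages that backport fixes can keep an older version string, so confirm against the package changelog before treating a "vulnerable" verdict as final.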

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.