ImageMagick Heap Buffer Over-Read Vulnerability in Raw Image Format Handles

A heap buffer over-read vulnerability has been identified in ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. This vulnerability exists in multiple raw image format handles and arises when processing images with -extract dimensions larger than -size dimensions. The issue leads to out-of-bounds memory reads from a heap-allocated buffer, potentially allowing for memory corruption or information disclosure.

Impact

Exploitation of this vulnerability causes a heap buffer over-read, leading to out-of-bounds memory reads from a heap-allocated buffer. This type of vulnerability can often be exploited to disclose sensitive information or manipulate memory in a way that could be harmful.

Reproduction

The vulnerability can be reproduced by using ImageMagick to process raw images with -extract dimensions that exceed the -size dimensions. This can be done through the command line or by using a script that leverages the ImageMagick library.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-15 or 6.9.13-40, both of which include the necessary patch to address this vulnerability.