ImageMagick Heap-Buffer Overflow Vulnerability in UHDR Image Writing

Vulnerability

A heap-buffer overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-15. The issue arises in the 'WriteUHDRImage' function within 'coders/uhdr.c', where signed integer arithmetic is used to calculate the pixel buffer size. This approach can lead to a multiplication overflow when handling large image dimensions, resulting in an inadequate heap allocation. Consequently, this allows for an out-of-bounds write, which can crash the process or potentially be exploited for arbitrary memory manipulation.

Impact

Exploitation of this vulnerability causes a heap-buffer overflow, which can lead to a process crash or an out-of-bounds heap write, potentially allowing for arbitrary memory manipulation.

Reproduction

The vulnerability can be reproduced by using ImageMagick to write UHDR images with large dimensions. The 'WriteUHDRImage' function incorrectly calculates the pixel buffer size because the multiplication is performed in signed integer arithmetic and overflows, so the heap allocation is too small and subsequent pixel writes go out of bounds.
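As an added illustration of the bug class (constructed for this page, not ImageMagick's own coders/uhdr.c code), the signed 32-bit size computation is shown beside an overflow-checked replacement; the `buffer_size_*` and `signed32_size_is_undersized` names and the bytes-per-pixel parameter are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Vulnerable pattern: the product width * height * bytes_per_pixel is formed in
 * 32-bit arithmetic and returned as a signed int. Once the true product exceeds
 * 2^31-1 the value wraps (computed via uint32_t here so the wrap is well defined)
 * and the allocator is handed a size far smaller than what the encoder writes. */
int32_t buffer_size_signed32(uint32_t width, uint32_t height, uint32_t bytes_per_pixel)
{
  uint32_t wrapped = width * height * bytes_per_pixel;   /* silently reduced mod 2^32 */
  return (int32_t)wrapped;                               /* may be negative or tiny */
}

/* Hardened pattern: size_t arithmetic with an explicit overflow check before each
 * multiplication. Returns false instead of a wrapped size, so the caller rejects
 * the image rather than allocating an undersized heap buffer. */
bool buffer_size_checked(size_t width, size_t height, size_t bytes_per_pixel,
                         size_t *out_bytes)
{
  if (width == 0 || height == 0 || bytes_per_pixel == 0)
    return false;
  if (width > SIZE_MAX / height)
    return false;                      /* width * height would overflow */
  size_t pixels = width * height;
  if (pixels > SIZE_MAX / bytes_per_pixel)
    return false;                      /* pixels * bytes_per_pixel would overflow */
  *out_bytes = pixels * bytes_per_pixel;
  return true;
}

/* Review-time check: does the signed 32-bit computation under-allocate relative to
 * the exact size? True means these dimensions would trigger the undersized buffer. */
bool signed32_size_is_undersized(uint32_t width, uint32_t height, uint32_t bytes_per_pixel)
{
  uint64_t exact = (uint64_t)width * height * bytes_per_pixel;   /* cannot overflow */
  int32_t got = buffer_size_signed32(width, height, bytes_per_pixel);
  return got <= 0 || (uint64_t)got < exact;
}
```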

Remediation

Users can upgrade to ImageMagick version 7.1.2-15 or later to address this vulnerability.

Added: Feb 24, 2026, 1:54 AM
Updated: Feb 24, 2026, 1:54 AM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 10.0
exploitability: 4.0
remediation: 7.7
relevance: 3.1
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.