Description

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Related CPE's

a

imagemagick

imagemagick

2

a

fedoraproject

extra_packages_for_enterprise_linux

8.0

Vulnerable

o

fedoraproject

fedora

36

Vulnerable

o

redhat

enterprise_linux

7.0

Vulnerable

References

https://bugzilla.redhat.com/show_bug.cgi?id=2091811

Issue TrackingPatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512

PatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html

Weaknesses

[email protected]

Primary
CWE-190

[email protected]

Secondary
CWE-190

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-06-16T18:15:10.873

3 years ago

Last modified

2023-05-22T02:15:11.247

2 years ago