Lucene search

Veracode Vulnerability DatabaseVERACODE:26917

HistorySep 21, 2020 - 6:25 a.m.

Arbitrary Code Execution

2020-09-2106:25:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

arbitrary code execution

vulnerability

heap-based buffer overflow

acquirecachenexus

pixel cache

EPSS

0.011

Percentile

84.3%

JSON

graphicsmagick is vulnerable to arbitrary code execution. The vulnerability exists as through a heap-based buffer overflow in the AcquireCacheNexus function in magick/pixel_cache.c.

References

hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d

hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e

hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b

hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af

hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d

hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff

hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0

hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6

www.securityfocus.com/bid/101795

lists.debian.org/debian-lts-announce/2017/11/msg00013.html

lists.debian.org/debian-lts-announce/2018/06/msg00009.html

sourceforge.net/p/graphicsmagick/bugs/450/

usn.ubuntu.com/4248-1/

www.debian.org/security/2018/dsa-4321

EPSS

0.011

Percentile

84.3%

JSON

Related for VERACODE:26917