Veracode Vulnerability DatabaseVERACODE:27129

HistorySep 21, 2020 - 6:37 a.m.

Arbitrary Code Execution

2020-09-2106:37:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

graphicsmagick

vulnerability

heap overflow

writergbimage

coders

rgb.c

multiple frames

non-identical widths

software

EPSS

0.009

Percentile

82.4%

JSON

graphicsmagick is vulnerable to arbitrary code execution. The vulnerability exists through a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.

References

hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c

www.securityfocus.com/bid/99978

lists.debian.org/debian-lts-announce/2018/06/msg00009.html

www.debian.org/security/2018/dsa-4321

EPSS

0.009

Percentile

82.4%

JSON

Related for VERACODE:27129