CNNVD-202509-714 Information
CNNVD ID
CNNVD-202509-714
Related CVE
- CNNVD Published: 2025-09-05
Description (Chinese)
ImageMagick是ImageMagick开源的一套开源的图像处理软件。可读取、转换或写入多种格式的图片。 ImageMagick 14.8.2之前版本存在缓冲区错误漏洞,该漏洞源于SeekBlob和WriteBlob函数不安全,可能导致堆写入攻击。
Description (English)
ImageMagick is an open-source image-processing software for ImageMagick open source. Reads, converts or writes pictures in multiple formats. The previous version of ImageMagick 14.8.2 had an error loophole in the buffer zone, which stemmed from the insecurity of theSeekBlob and WriteBlob functions, which could lead to a stacking of attacks.
Hazard Level
Critical
Vulnerability Type
缓冲区错误
Affected Vendor
imgproxy
Published
2025-09-05
Last Modified
2026-02-24
References
https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg https://vigilance.fr/vulnerability/ImageMagick-memory-corruption-via-WriteBlobStream-48102
Patch
https://github.com/ImageMagick/ImageMagick/releases
Share on: