Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.107807
Category:Denial of Service
Title:GraphicsMagick < 1.3.35 heap-based Buffer Overflow vulnerability (Windows)
Summary:GraphicsMagick is prone to an integer overflow and resultant heap-based; buffer overflow vulnerability.
Description:Summary:
GraphicsMagick is prone to an integer overflow and resultant heap-based
buffer overflow vulnerability.

Vulnerability Insight:
GraphicsMagick has an integer overflow and resultant heap-based buffer
overflow in HuffmanDecodeImage in magick/compress.c.

Vulnerability Impact:
An attacker attempting to abuse a buffer overflow for a more specific
purpose other than crashing the target system, can purposely overwrite important values in the call stack
of the target machine such as the instruction pointer (IP) or base pointer (BP) in order to execute his or
her potentially malicious unsigned code.

Affected Software/OS:
GraphicsMagick prior to version 1.3.35.

Solution:
Update to GraphicsMagick version 1.3.35 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-10938
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.