Description
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure.
Problem types
Product status
Any version before 7.1.2-19
7.1.2-19 (semver)
Credits
unbengable12
References
github.com/...Magick/security/advisories/GHSA-w54j-7wpm-crhj (GitHub Security Advisory (GHSA-w54j-7wpm-crhj))
www.vulncheck.com/...ow-in-ftxt-encoder-via-format-parameter (VulnCheck Advisory: ImageMagick - Heap Buffer Overflow in FTXT Encoder via format Parameter)