Description
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution.
Problem types
Product status
Any version before 7.1.2-26
7.1.2-26 (semver)
Any version before 6.9.13-51
6.9.13-51 (semver)
Credits
RigelYoung
References
github.com/...Magick/security/advisories/GHSA-qvxh-prvr-85w2 (GitHub Security Advisory (GHSA-qvxh-prvr-85w2))
www.vulncheck.com/...6-use-after-free-in-formatmagickcaption (VulnCheck Advisory: ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption)