Unrated severity · NVD Advisory · Published Dec 8, 2020 · Updated Aug 4, 2024

CVE-2020-25665

Description

Heap-buffer-overflow in ImageMagick's PALM coder (WritePALMImage) due to improper memory allocation could lead to out-of-bounds read.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap-buffer-overflow vulnerability exists in the PALM image coder in coders/palm.c in ImageMagick. The function WritePALMImage() makes an improper call to AcquireQuantumMemory() that does not account for an offset of 256, leading to insufficient memory allocation and subsequent out-of-bounds read [1]. This flaw affects ImageMagick versions prior to 7.0.8-68 [1].

Exploitation

An attacker can exploit this vulnerability by supplying a specially crafted PALM image file. When processed by an affected version of ImageMagick, the improper memory allocation triggers an out-of-bounds read [1]. No authentication is required; the attack vector is through file processing.

Impact

Successful exploitation could result in an out-of-bounds read, potentially leading to a denial of service (crash) or disclosure of sensitive information [1]. The impact is primarily on reliability, but may have confidentiality implications depending on the memory layout.

Mitigation

The issue is fixed in ImageMagick version 7.0.8-68 [1]. The upstream patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory() [1]. Users should upgrade to the patched version. For Red Hat Enterprise Linux 5, 6, and 7, this flaw is out of support scope [1]. No workaround is documented.
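
A version check against the fixed release named above, as an added example (not code from ImageMagick or from this advisory). It assumes the usual `ImageMagick X.Y.Z-N` token in `magick -version` output; the sample banners are constructed, and because the page gives a fixed version only for the 7.x line, older major lines are reported as unknown.

```python
import re

# First fixed release named in this advisory: 7.0.8-68.
FIXED = (7, 0, 8, 68)

# Version token as it appears in `magick -version` output (assumed format).
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, release) as ints, or None if absent."""
    m = _VERSION_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(banner):
    """Classify a version banner against the CVE-2020-25665 fix."""
    version = parse_version(banner)
    if version is None:
        return "unknown"   # no recognisable version token
    if version[0] < 7:
        return "unknown"   # the page states no fixed version for this line
    # Integer tuple comparison, so 7.0.10-3 correctly sorts after 7.0.8-68
    # (a plain string comparison would get this wrong).
    return "affected" if version < FIXED else "fixed"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "Version: ImageMagick 7.0.8-67 Q16 x86_64 https://imagemagick.org",
        "Version: ImageMagick 7.0.8-68 Q16 x86_64 https://imagemagick.org",
        "Version: ImageMagick 7.0.10-3 Q16 x86_64 https://imagemagick.org",
        "Version: ImageMagick 6.9.7-4 Q16 x86_64 https://imagemagick.org",
    ]
    for banner in samples:
        print(classify(banner), "<-", banner)
```

Distribution packages may backport a fix without changing the upstream version string, so an "affected" result on a vendor build should be confirmed against that vendor's advisory.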

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 40

Vulnerability mechanics

Root cause

"Improper call to AcquireQuantumMemory() in WritePALMImage() because the allocation size is not offset by 256, causing a heap-based buffer overflow."

Attack vector

An attacker can trigger the heap-based buffer overflow by supplying a crafted PALM image file to ImageMagick. When `WritePALMImage()` processes the image, it allocates insufficient memory via `AcquireQuantumMemory()` because the `bytes_per_row` value is not increased by 256. This causes an out-of-bounds read during subsequent pixel data processing, potentially leading to information disclosure or a crash.

Affected code

The vulnerability resides in the `WritePALMImage()` routine in `coders/palm.c`. The function makes an improper call to `AcquireQuantumMemory()` because the allocation size is not offset by 256, leading to a heap-based buffer overflow and out-of-bounds read later in the same routine.

What the fix does

The patch adds 256 to `bytes_per_row` in the call to `AcquireQuantumMemory()`. This ensures the allocated memory buffer is large enough to accommodate the row data plus the required 256-byte offset, preventing the subsequent out-of-bounds read. Without this correction, the routine reads beyond the allocated buffer, causing a heap-based buffer overflow.

Preconditions

  • input: The attacker must supply a crafted PALM image file that triggers the insufficient memory allocation in WritePALMImage().
  • config: The victim must process the malicious image file using an affected version of ImageMagick (prior to 7.0.8-68).

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 3
