ImageMagick is vulnerable to an Integer Overflow in TIM decoder leading to out of bounds read (32-bit only)
Description
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 * width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), wrapping around to a small value. This results in a small heap allocation via AcquireQuantumMemory and later operations relying on the dimensions can trigger an out of bounds read. This issue is fixed in version 7.1.2-10.
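The arithmetic described above, as an added example (not ImageMagick's code and not the upstream patch): `size32_t`, `tim_size_unchecked` and `tim_size_checked` are hypothetical names, and a `uint32_t` stands in for a 32-bit `size_t` so the wrap reproduces on any host. It contrasts the unchecked product with one way to guard it, rejecting dimensions whose byte count cannot be represented.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for a 32-bit size_t (assumption made for this example). */
typedef uint32_t size32_t;

/* Unchecked form from the description: 2 * width * height in 32-bit math.
   Unsigned arithmetic wraps modulo 2^32 instead of failing. */
static size32_t tim_size_unchecked(uint16_t width, uint16_t height)
{
  return (size32_t) 2 * (size32_t) width * (size32_t) height;
}

/* Checked form: a division test detects the overflow before multiplying,
   so no wider integer type is needed. Returns false when the byte count
   does not fit; *size is written only on success. */
static bool tim_size_checked(uint16_t width, uint16_t height, size32_t *size)
{
  if (height != 0 && (size32_t) width > (UINT32_MAX / 2u) / height)
    return false;
  *size = (size32_t) 2 * (size32_t) width * (size32_t) height;
  return true;
}

int main(void)
{
  /* Constructed header values: the 65535 case from the text and an
     ordinary 320x240 image. */
  const uint16_t dims[][2] = { { 65535, 65535 }, { 320, 240 } };

  for (size_t i = 0; i < sizeof(dims) / sizeof(dims[0]); i++) {
    uint16_t w = dims[i][0], h = dims[i][1];
    unsigned long long needed = 2ULL * w * h;   /* true byte count */
    size32_t wrapped = tim_size_unchecked(w, h), safe = 0;

    printf("%ux%u: needs %llu bytes, 32-bit product %lu, guard %s\n",
           (unsigned) w, (unsigned) h, needed, (unsigned long) wrapped,
           tim_size_checked(w, h, &safe) ? "accepts" : "rejects");
  }
  return 0;
}
```

A decoder that sizes its buffer from the wrapped product but iterates over the header's width and height is working from two different sizes, which is the mismatch the guard removes.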
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| Magick.NET-Q16-AnyCPU | NuGet | < 14.10.0 | 14.10.0 |
| Magick.NET-Q16-HDRI-AnyCPU | NuGet | < 14.10.0 | 14.10.0 |
| Magick.NET-Q16-HDRI-x86 | NuGet | < 14.10.0 | 14.10.0 |
| Magick.NET-Q16-x86 | NuGet | < 14.10.0 | 14.10.0 |
| Magick.NET-Q8-AnyCPU | NuGet | < 14.10.0 | 14.10.0 |
| Magick.NET-Q8-x86 | NuGet | < 14.10.0 | 14.10.0 |
Affected products
| Package URL (no CPE) | Affected range |
|---|---|
| pkg:apk/chainguard/imagemagick-6-dev | < 6.9.13.46-r1 |
| pkg:apk/chainguard/imagemagick-6-doc | < 6.9.13.46-r1 |
| pkg:apk/chainguard/imagemagick-6-static | < 6.9.13.46-r1 |
| pkg:nuget/magick.net-q16-anycpu | < 14.10.0 |
| pkg:nuget/magick.net-q16-hdri-anycpu | < 14.10.0 |
| pkg:nuget/magick.net-q16-hdri-x86 | < 14.10.0 |
| pkg:nuget/magick.net-q16-x86 | < 14.10.0 |
| pkg:nuget/magick.net-q8-anycpu | < 14.10.0 |
| pkg:nuget/magick.net-q8-x86 | < 14.10.0 |
| pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.6 | < 7.1.1.21-150600.3.32.1 |
| pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2016.0 | < 7.1.2.0-160000.5.1 |
| pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweed | < 7.1.2.10-2.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Enterprise%20Storage%207.1 | < 7.0.7.34-150200.10.68.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS | < 7.0.7.34-150200.10.68.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS | < 7.1.0.9-150400.6.58.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS | < 7.1.0.9-150400.6.58.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS | < 7.1.0.9-150400.6.58.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS | < 7.1.0.9-150400.6.58.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7 | < 7.1.1.43-150700.3.27.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 | < 7.1.1.43-150700.3.27.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS | < 6.8.8.1-71.218.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS | < 7.0.7.34-150200.10.68.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS | < 7.1.0.9-150400.6.58.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS | < 7.1.0.9-150400.6.58.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS | < 7.1.1.21-150600.3.32.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 | < 7.1.2.0-160000.5.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 | < 7.0.7.34-150200.10.68.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 | < 7.1.0.9-150400.6.58.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 | < 7.1.0.9-150400.6.58.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6 | < 7.1.1.21-150600.3.32.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 | < 7.1.2.0-160000.5.1 |
| pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 | < 6.8.8.1-71.218.1 |
- Range: < 7.1.2-10
References
- github.com/advisories/GHSA-6hjr-v6g4-3fm8 (ghsa, ADVISORY)
- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8 (ghsa, x_refsource_CONFIRM, WEB)
- github.com/dlemstra/Magick.NET/commit/2dfa08e15cfd11016a79615994787b14f9048b1c (ghsa, x_refsource_MISC, WEB)