ImageMagick has heap buffer over-read in MAP image decoder

Vulnerability

Analysis

A heap buffer over-read vulnerability exists in the MAP image decoder within ImageMagick, a widely used open-source image processing suite [1]. The issue, present in versions prior to 7.1.2-15 and 6.9.13-40, occurs when the decoder processes specially crafted MAP files. The root cause is an insufficient validation of the colormap index calculation; when the image depth is 8 bits or less and the number of colors exceeds 256, the index shift operation can read beyond the allocated heap buffer [2][4].，4].

Attack

Vector

Exploitation requires an attacker to open a malformed MAP file via ImageMagick's command-line tools or an application using the library. No special privileges are needed, as the attack surface is local, either by a user opening a file or through automated processing of user-supplied images. The crafted file can trigger the over-read during the decoding phase, potentially leaking adjacent heap memory or causing a crash [2].

Impact

An attacker could crash the application (denial of service) or, more concerning, read unintended heap memory contents, which may include sensitive data from other processes or memory regions. The vulnerability is classified as a heap buffer over-read and is listed in the advisory as GHSA-42p5-62qq-mmh7 [3].

Mitigation

The vulnerability is patched in ImageMagick versions 7.1.2-15 and 6.9.13-40 [2]. Users should update immediately. The fix adds a boundary check to reject images with a depth ≤ 8 bits and colors > 256 [4]. No public evidence of active exploitation has been reported as of the publication date.