ImageMagick has a stack buffer overflow in MagnifyImage

Vulnerability

Overview The vulnerability resides in the MagnifyImage function of ImageMagick, a widely-used open-source image processing suite. The function allocates a fixed-size buffer on the stack without proper bounds checking, and when processing a specially crafted image, it overwrites adjacent stack memory. This stack buffer overflow can corrupt critical data, potentially leading to arbitrary code execution or system instability. The issue affects ImageMagick versions prior to 7.1.2-16 and 6.9.13-41 [1][2].

Exploitation

An attacker can exploit this vulnerability by supplying a malicious image file to ImageMagick via any interface that triggers the MagnifyImage function. The attack can be performed remotely, requires no authentication, and no user interaction beyond processing the image (e.g., via web uploads or automated scripts). The attack complexity is low, as the overflow can be triggered with a crafted image that exceeds the expected buffer size [4].

Impact

Successful exploitation allows an attacker to corrupt the stack, which can lead to arbitrary code execution in the context of the ImageMagick process. This could enable further compromise of the system, including data theft, denial of service, or full system takeover. The CVSS score (not yet assigned by NIST) likely reflects high impacts on confidentiality, integrity, and availability due to the severity of stack corruption [4].

Mitigation

The vulnerability is patched in ImageMagick versions 7.1.2-16 and 6.9.13-41. Users are strongly advised to update their installations immediately. The fix is included in downstream packages such as Magick.NET 14.10.4 [3]. As a workaround, administrators can implement a security policy to restrict the use of MagnifyImage or avoid processing untrusted images until upgrading.