VYPR
Medium severity 6.2 · GHSA Advisory · Published May 18, 2026 · Updated May 18, 2026

ImageMagick: Stack overflow in fx operation

CVE-2026-46557

Description

Due to a missing depth check, a stack overflow can occur in the fx operation when a crafted argument is passed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing depth check in ImageMagick's fx operation can cause a stack overflow via a crafted argument, leading to denial of service.

Vulnerability

A stack overflow vulnerability exists in the fx operation of ImageMagick due to a missing depth check when processing crafted arguments. This affects ImageMagick versions prior to 14.13.1 (for Magick.NET packages) and likely the core library. The fx operation is used for evaluating expressions on images, and deeply nested or recursive calls can overflow the stack if not properly limited. [1][2]
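The class of fix described here, shown as an added example that is not ImageMagick's code: a small recursive-descent evaluator that counts every recursive entry and refuses input nested past a limit instead of exhausting the stack. The grammar, `MAX_DEPTH` and all function names are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 64 /* assumed limit for this example, not ImageMagick's */

typedef struct { const char *p; int depth; int err; } Parser;
static long parse_expr(Parser *ps);

/* primary := number | '-' primary | '(' expr ')' */
static long parse_primary(Parser *ps) {
    long v = 0;
    if (ps->err) return 0;
    /* The guard: each recursive entry is counted and refused past the limit. */
    if (++ps->depth > MAX_DEPTH) { ps->depth--; ps->err = 1; return 0; }
    if (*ps->p == '(') {
        ps->p++; v = parse_expr(ps);
        if (!ps->err && *ps->p == ')') ps->p++; else ps->err = 1;
    } else if (*ps->p == '-') {
        ps->p++; v = -parse_primary(ps);  /* unary chains recurse too */
    } else if (isdigit((unsigned char)*ps->p)) {
        char *end;
        v = strtol(ps->p, &end, 10);
        ps->p = end;
    } else ps->err = 1;
    ps->depth--;
    return v;
}
static long parse_expr(Parser *ps) { /* expr := primary ('+' primary)* */
    long v = parse_primary(ps);
    while (!ps->err && *ps->p == '+') { ps->p++; v += parse_primary(ps); }
    return v;
}
/* Returns 0 and stores the value, or -1 on syntax error or depth limit. */
int eval_expr(const char *src, long *out) {
    Parser ps = { src, 0, 0 };
    long v = parse_expr(&ps);
    if (ps.err || *ps.p != '\0') return -1;
    *out = v;
    return 0;
}
/* Constructed input: n opening parentheses, "1", n closing parentheses. */
int eval_nested(size_t n, long *out) {
    char *s = malloc(2 * n + 2);
    if (!s) return -1;
    memset(s, '(', n); s[n] = '1';
    memset(s + n + 1, ')', n); s[2 * n + 1] = '\0';
    int rc = eval_expr(s, out);
    free(s);
    return rc;
}
```

Without the guard in `parse_primary`, the stack depth consumed would be proportional to the nesting of the input, which is what a depth check exists to prevent.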

Exploitation

An attacker can trigger this vulnerability by providing a specially crafted image or argument that causes excessive recursion in the fx operation. No authentication or user interaction is required; the attacker only needs to submit the malicious input to an application using ImageMagick. Network access is sufficient for remote exploitation. [2][3]

Impact

Successful exploitation leads to a stack overflow, resulting in a denial of service (DoS) condition. The application may crash or become unresponsive. Based on advisory details, the vulnerability may also potentially allow information disclosure or code execution under certain conditions, though the primary impact is availability. [2][3]

Mitigation

The vulnerability is fixed in ImageMagick version 14.13.1 and later for the affected NuGet packages. Users should update to the latest version. For the core ImageMagick library, check for updates or apply workarounds such as limiting the depth of fx expressions or using a security policy to restrict operations. No known workarounds are provided in the references. [2]

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.


References

2
