ImageMagick-6.9.10.68-7.0.5.el7.AXS7
エラータID: AXSA:2025-10911:02
リリース日:
2025/10/02 Thursday - 12:03
題名:
ImageMagick-6.9.10.68-7.0.5.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- ImageMagick には、スタックベースのバッファオーバーフローの問題
があるため、リモートの攻撃者により、データ破壊、およびサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-53101)
- ImageMagick には、整数オーバーフローの問題があるため、リモート
の攻撃者により、メモリ破壊を可能とする脆弱性が存在します。
(CVE-2025-55154)
- ImageMagick には、ゼロ除算の問題があるため、リモートの攻撃者
により、サービス拒否攻撃 (クラッシュの発生) を可能とする脆弱性が
存在します。(CVE-2025-55212)
- ImageMagick には、ヒープベースのバッファオーバーフローの問題が
あるため、ローカルの攻撃者により、任意のコードの実行を可能とする
脆弱性が存在します。(CVE-2025-55298)
- ImageMagick には、ヒープベースのバッファオーバーフローの問題
があるため、リモートの攻撃者により、任意のコードの実行、および
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-57803)
- ImageMagick には、メモリ領域の境界外書き込みの問題があるため、
ローカルの攻撃者により、情報の漏洩、データ破壊、およびサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-57807)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-53101
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
CVE-2025-57807
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
CVE-2025-55154
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
CVE-2025-55212
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
CVE-2025-55298
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
CVE-2025-57803
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- ImageMagick-6.9.10.68-7.0.5.el7.AXS7.i686.rpm
MD5: 960a2622dec2ef4a2cae235875133595
SHA-256: 8fdc66cc235c4deebb69dd7e17fad92c5191e590524f4ffdb14ca9608c38df30
Size: 2.29 MB - ImageMagick-6.9.10.68-7.0.5.el7.AXS7.x86_64.rpm
MD5: 0fb8669407c0b65258b6550d11b90124
SHA-256: 536ac4508a223adf9eb6b46e37b3f3084984bf5a649837ade4e92e1363a7fc06
Size: 2.34 MB - ImageMagick-c++-6.9.10.68-7.0.5.el7.AXS7.i686.rpm
MD5: 2141ecd666bc63ac94759cde5663ec11
SHA-256: 4e9635ba973312806eb98997d6bcb6a380fa336df0409dfe699d814b87d1535a
Size: 177.43 kB - ImageMagick-c++-6.9.10.68-7.0.5.el7.AXS7.x86_64.rpm
MD5: 69f372f6865119ab6ade8c62d42d5772
SHA-256: 492ddc7ca8b17f6071b978ae9cd528d1bee26c759c9efe13aed3f12ee7b0b88a
Size: 168.86 kB - ImageMagick-perl-6.9.10.68-7.0.5.el7.AXS7.x86_64.rpm
MD5: 128346058d2816934de082e7c8f06daf
SHA-256: 95034f416dceb04188ad3b5516644d03eaba8e80651ef72886f8c2e0cd1ca3af
Size: 154.71 kB
English