What the vulnerability does

01Description

Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.

Key dates

02Disclosure timeline

December 4, 2020 CVE published
August 4, 2024 Record updated