What the vulnerability does

01Description

An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.

Key dates

02Disclosure timeline

August 25, 2022 CVE published
August 3, 2024 Record updated