{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T22:23:01.490","vulnerabilities":[{"cve":{"id":"CVE-2020-25663","sourceIdentifier":"secalert@redhat.com","published":"2020-12-08T21:15:12.420","lastModified":"2024-11-21T05:18:23.650","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0."},{"lang":"es","value":"Una llamada a la función ConformPixelInfo() en la rutina SetImageAlphaChannel() del archivo /MagickCore/channel.c, causó una LECTURA de uso de la memoria previamente liberada de la pila o desbordamiento del búfer de la pila, cuando se llamó a las funciones GetPixelRed() o GetPixelBlue(). Esto podría ocurrir si un atacante es capaz de enviar un archivo de imagen malicioso para que sea procesado por ImageMagick y podría conllevar a una denegación de servicio. Probablemente no conllevaría a nada más porque la memoria es usada como datos de píxeles y no, por ejemplo, como un puntero de función. Este fallo afecta a ImageMagick versiones anteriores a 7.0.9-0"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.8-56","matchCriteriaId":"A8FFBE52-1112-43E2-BC1B-D1388F18988C"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1891601","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/1723","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/1723#issuecomment-718275153","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1891601","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/1723","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/1723#issuecomment-718275153","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}