#author("2025-08-13T16:36:43+00:00","default:yoya","yoya")
#author("2025-08-15T03:40:16+00:00","default:yoya","yoya")
[[CVE/ImageMagick]]
- https://www.cve.org/CVERecord?id=CVE-2025-55154
Title: ImageMagick: integer overflows in MNG magnification
>
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGImage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
- [BIGSLEEP-435153105] imagemagick: integer overflows in MNG magnification
-- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82
>
If we look at the calculation for magnified_width, we can see that we are storing the results in a png_uint32. The operations at [0] and [1] are safe, since mng_info->magn_ml and mng_info->magn_mx are both 16-bit unsigned integers, but both the multiplication at [2] and the addition of the result of that multiplication to magnified_width can overflow, leading to a value of magnified_width that is smaller than required.
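
The wraparound described in the advisory text above, as an added C example that is not from the advisory or from ImageMagick's source. The function names, the parameters `ml`, `mr`, `mx` and `columns`, and the shape of the formula are assumptions made for illustration; the second function shows the same calculation widened to 64 bits with a range check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: names and formula shape are assumptions for
   illustration, not ImageMagick source. ml/mr/mx are 16-bit factors. */

/* Accumulates in 32 bits, like a png_uint_32 result. */
static uint32_t width_unchecked(uint32_t columns, uint16_t ml,
                                uint16_t mr, uint16_t mx)
{
    uint32_t w = ml;              /* one 16-bit value: cannot wrap */
    if (columns > 1)
        w += mr;                  /* sum of two 16-bit values: cannot wrap */
    if (columns > 2)
        w += (columns - 2) * mx;  /* product and sum can both wrap mod 2^32 */
    return w;
}

/* Same calculation in 64 bits; rejects results that do not fit 32 bits. */
static bool width_checked(uint32_t columns, uint16_t ml, uint16_t mr,
                          uint16_t mx, uint32_t *out)
{
    uint64_t w = ml;
    if (columns > 1)
        w += mr;
    if (columns > 2)
        w += (uint64_t)(columns - 2) * mx;  /* below 2^48, no 64-bit wrap */
    if (w > UINT32_MAX)
        return false;             /* caller must refuse the image */
    *out = (uint32_t)w;
    return true;
}

int main(void)
{
    uint32_t ok = 0;
    /* Constructed inputs: 65537 * 65535 = 2^32 - 1, then +1 +1 wraps to 1. */
    printf("unchecked: %u\n", (unsigned)width_unchecked(65539, 1, 1, 65535));
    printf("checked accepts: %d\n", width_checked(65539, 1, 1, 65535, &ok));
    return 0;
}
```

A buffer sized from the wrapped value is far smaller than the magnified row that is later written into it, which is why the checked form has to fail instead of clamping.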