CVE-2025-55160 の変更点

追加された行はこの色です。
削除された行はこの色です。
CVE-2025-55160 へ行く。
CVE-2025-55160 の差分を削除

#author("2025-08-28T16:06:08+00:00","default:yoya","yoya")
#author("2025-08-28T16:06:45+00:00","default:yoya","yoya")
[[CVE/ImageMagick]]

- https://www.cve.org/CVERecord?id=CVE-2025-55160

 Title: ImageMagick Undefined Behavior (function-type-mismatch) in CloneSplayTree

>
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x

 printf '\x1c\x02' > poc.bin
 ./harness_ImageMagick_... -runs=1 ./poc.bin

<< 2025.12 >>
日	月	火	水	木	金	土
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

YoyaWiki

最新の20件