rmagick is vulnerable to Heap-based Buffer Overflow
65
Medium Risk
rmagick is a Ruby binding for ImageMagick whose C extension sizes and dereferences native buffers without validating caller input. Image#dispatch, Image#export_pixels, and Image#export_pixels_to_str compute a pixel buffer size as columns times rows times channels in unsigned arithmetic with no overflow check, so large dimensions wrap the product and allocate an undersized buffer that ImageMagick then overruns, corrupting the heap. Related methods crash the process when a Draw object is used before initialization, when Draw#primitive receives a non-string argument, or when Image, Pixel, or Draw marshal loading receives a non-collection payload from untrusted marshaled data. The fix adds an overflow check on the buffer size computation plus type and initialization guards so these cases raise Ruby exceptions instead of performing unsafe native memory access.
You are affected if you are using a version that falls within the vulnerable range and your application passes untrusted dimensions, argument types, or marshaled data into the affected rmagick methods.
rmagick is vulnerable to Heap-based Buffer Overflow in versions 1.7.1 - 7.0.4.
Upgrade the rmagick library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant