Potential Out-of-bounds Write

[7erryX]

ImageMagick version

Operating system

Linux

Operating system, version and so on

Description

CVE-2019-13307

AcquirePixelThreadSet(const Image *images) in magick/statistic.c once caused CVE-2019-13307 and fixed in Commit 91e58d9.

Recurring vulnerabilities

The same issues also advent in

• AcquirePixelTLS in magick/profile.c
• AcquirePixelTLS in magick/quantize.c
• AcquirePixelListTLS in magick/statistic.c

where use GetMagickResourceLimit directly. Would it make sense to fix them in the same way?

Thank you for spending time reading this issue. Apologies if I missed anything

Steps to Reproduce

Images

[urban-warrior]

Thanks for reporting this potential bug in ImageMagick.

To help the community investigate and resolve it more effectively, could you share a minimal, self-contained example that reproduces the issue?

A minimal case should include:

• The exact command(s) you're running
• A small input image (if relevant)
• The expected vs. actual output
• Your ImageMagick version and platform

This makes it much easier for others to replicate the problem and suggest a fix. Even if you're not sure what's causing it, narrowing it down helps a lot!