CVE-2020-10938Integer Overflow or Wraparound in Graphicsmagick

CWE-190Integer Overflow or WraparoundCWE-787Out-of-bounds Write10 documents8 sources
Severity
9.8CRITICALNVD
EPSS
2.9%
top 13.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
GraphicsmagickDebian LinuxOpensuse Backports+1 more
Timeline
PublishedMar 24
Latest updateAug 30

Description

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

Debiangraphicsmagick/graphicsmagick< 1.4+really1.3.34-1+3
NVDopensuse/leap15.1
NVDopensuse/backportssle-15

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-83jj-67jw-3xvv: GraphicsMagick before 12022-05-24
CVEList
CVE-2020-10938: GraphicsMagick before 12020-03-24
OSV
CVE-2020-10938: GraphicsMagick before 12020-03-24

📋Vendor Advisories

2
Ubuntu
GraphicsMagick vulnerabilities2022-08-30
Debian
CVE-2020-10938: graphicsmagick - GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based bu...2020

💬Community

4
HackerOne
CVE-2020-10938-buffer overflow/out-of-bounds write in compress.c:HuffmanDecodeImage()2021-08-22
Bugzilla
CVE-2020-10938 GraphicsMagick: integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c [epel-all]2020-04-29
Bugzilla
CVE-2020-10938 GraphicsMagick: integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c [fedora-all]2020-04-29
Bugzilla
CVE-2020-10938 GraphicsMagick: integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c2020-04-29