CVE-2020-27750Divide By Zero in Imagemagick

CWE-369Divide By Zero10 documents7 sources
Severity
5.5MEDIUMNVD
OSV6.5
EPSS
0.1%
top 69.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian ImagemagickDebian Linux
Timeline
PublishedDec 8
Latest updateOct 15

Description

A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.24+dfsg-1 (bookworm)
NVDimagemagick/imagemagick7.0.0-07.0.8-68+1
Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3
Ubuntuimagemagick/imagemagick< 8:6.8.9.9-7ubuntu5.16+esm2
CVEListV5imagemagick/imagemagickprior to 7.0.8-68

Also affects: Debian Linux 9.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-8gw8-pvf9-whfq: A flaw was found in ImageMagick in MagickCore/colorspace-private2022-05-24
OSV
imagemagick vulnerabilities2022-03-18
OSV
CVE-2020-27750: A flaw was found in ImageMagick in MagickCore/colorspace-private2020-12-08

📋Vendor Advisories

5
Ubuntu
ImageMagick vulnerabilities2024-10-15
Ubuntu
ImageMagick vulnerabilities2022-03-18
Ubuntu
ImageMagick vulnerabilities2021-06-15
Debian
CVE-2020-27750: imagemagick - A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCor...2020
Red Hat
ImageMagick: division by zero in MagickCore/colorspace-private.h2019-10-03

💬Community

1
Bugzilla
CVE-2020-27750 ImageMagick: division by zero in MagickCore/colorspace-private.h2020-10-27