CVE-2020-27751Integer Overflow or Wraparound in Imagemagick

CWE-190Integer Overflow or Wraparound7 documents7 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 75.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian ImagemagickDebian Linux
Timeline
PublishedDec 8
Latest updateMay 24

Description

A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.24+dfsg-1 (bookworm)
NVDimagemagick/imagemagick7.0.0-07.0.9-0+1
Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3
CVEListV5imagemagick/imagemagickprior to 7.0.9-0

Also affects: Debian Linux 9.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-36mr-q5jp-rfp3: A flaw was found in ImageMagick in MagickCore/quantum-export2022-05-24
OSV
CVE-2020-27751: A flaw was found in ImageMagick in MagickCore/quantum-export2020-12-08

📋Vendor Advisories

3
Ubuntu
ImageMagick vulnerabilities2021-06-15
Debian
CVE-2020-27751: imagemagick - A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who ...2020
Red Hat
ImageMagick: integer overflow in MagickCore/quantum-export.c2019-10-07

💬Community

1
Bugzilla
CVE-2020-27751 ImageMagick: integer overflow in MagickCore/quantum-export.c2020-10-27