CVE-2020-27754 — Integer Overflow or Wraparound in Imagemagick

CWE-190 — Integer Overflow or Wraparound8 documents7 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 75.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Debian Linux

Timeline

PublishedDec 8

Latest updateOct 15

Description

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.11.24+dfsg-1 (bookworm)

▶NVDimagemagick/imagemagick7.0.8 — 7.0.8-69+1

▶Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3

▶CVEListV5imagemagick/imagemagickprior to 6.9.10-69, prior to 7.0.8-69+1

Also affects: Debian Linux 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-568w-cwq2-w5pj: In IntensityCompare() of /magick/quantize↗2022-05-24

▶

OSV

CVE-2020-27754: In IntensityCompare() of /magick/quantize↗2020-12-08

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2024-10-15

▶

Ubuntu

ImageMagick vulnerabilities↗2021-06-15

▶

Debian

CVE-2020-27754: imagemagick - In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketInten...↗2020

▶

Red Hat

ImageMagick: outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c↗2019-10-14

▶

💬Community

Bugzilla

CVE-2020-27754 ImageMagick: outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c↗2020-11-03

▶