CVE-2020-27757Integer Overflow or Wraparound in Imagemagick

CWE-190Integer Overflow or Wraparound7 documents7 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 68.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian ImagemagickDebian Linux
Timeline
PublishedDec 8
Latest updateMay 24

Description

A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects Imag

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.24+dfsg-1 (bookworm)
NVDimagemagick/imagemagick7.0.0-07.0.8-68+1
Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3
CVEListV5imagemagick/imagemagickprior to 7.0.8-68

Also affects: Debian Linux 9.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-4j97-qmhm-9528: A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private2022-05-24
OSV
CVE-2020-27757: A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private2020-12-08

📋Vendor Advisories

3
Ubuntu
ImageMagick vulnerabilities2021-06-15
Debian
CVE-2020-27757: imagemagick - A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-...2020
Red Hat
ImageMagick: outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h2019-10-03

💬Community

1
Bugzilla
CVE-2020-27757 ImageMagick: outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h2020-11-03