CVE-2020-27768 — Integer Overflow or Wraparound in Imagemagick

CWE-190 — Integer Overflow or Wraparound8 documents7 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 80.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Debian Linux

Timeline

PublishedFeb 23

Latest updateOct 15

Description

In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.11.24+dfsg-1 (bookworm)

▶NVDimagemagick/imagemagick< 7.0.9-0

▶Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3

▶CVEListV5imagemagick/imagemagickImageMagick prior to 7.0.9-0

Also affects: Debian Linux 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-gmwp-vj4h-cq95: In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private↗2022-05-24

▶

OSV

CVE-2020-27768: In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private↗2021-02-23

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2024-10-15

▶

Ubuntu

ImageMagick vulnerabilities↗2021-06-15

▶

Debian

CVE-2020-27768: imagemagick - In ImageMagick, there is an outside the range of representable values of type 'u...↗2020

▶

Red Hat

ImageMagick: outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h↗2019-10-13

▶

💬Community

Bugzilla

CVE-2020-27768 ImageMagick: outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h↗2020-11-04

▶