CVE-2020-27769 — Integer Overflow or Wraparound in Imagemagick

CWE-190 — Integer Overflow or Wraparound9 documents8 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 75.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Fedoraproject Fedora Redhat Enterprise Linux Desktop

Timeline

PublishedMay 14

Latest updateOct 15

Description

In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDimagemagick/imagemagick< 7.0.9-0

▶Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3

▶CVEListV5imagemagick/imagemagickImageMagick versions before 7.0.9-0

▶NVDredhat/enterprise_linux_desktop5.0, 6.0, 7.0+2

Also affects: Fedora 33

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-5q3f-hrrv-3qfw: In ImageMagick versions before 7↗2022-05-24

▶

OSV

CVE-2020-27769: In ImageMagick versions before 7↗2021-05-14

▶

CVEList

CVE-2020-27769: In ImageMagick versions before 7↗2021-05-14

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2024-10-15

▶

Ubuntu

ImageMagick vulnerabilities↗2021-06-15

▶

Debian

CVE-2020-27769: imagemagick - In ImageMagick versions before 7.0.9-0, there are outside the range of represent...↗2020

▶

Red Hat

ImageMagick: outside the range of representable values of type 'float' at MagickCore/quantize.c↗2019-10-10

▶

💬Community

Bugzilla

CVE-2020-27769 ImageMagick: outside the range of representable values of type 'float' at MagickCore/quantize.c↗2020-11-04

▶