CVE-2020-27775Integer Overflow or Wraparound in Imagemagick

CWE-190Integer Overflow or Wraparound7 documents6 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 75.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
ImagemagickDebian ImagemagickDebian Linux+1 more
Timeline
PublishedDec 4
Latest updateOct 15

Description

A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.24+dfsg-1 (bookworm)
NVDimagemagick/imagemagick7.0.0-07.0.9+1
Debianimagemagick/imagemagick< 8:6.9.11.24+dfsg-1+3
CVEListV5imagemagick/imagemagickImageMagick 7.0.9-0

Also affects: Debian Linux 9.0, Enterprise Linux 5.0, 6.0, 7.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-w8hf-qrcp-4jjr: A flaw was found in ImageMagick in MagickCore/quantum2022-05-24
OSV
CVE-2020-27775: A flaw was found in ImageMagick in MagickCore/quantum2020-12-04

📋Vendor Advisories

4
Ubuntu
ImageMagick vulnerabilities2024-10-15
Ubuntu
ImageMagick vulnerabilities2021-06-15
Debian
CVE-2020-27775: imagemagick - A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits...2020
Red Hat
ImageMagick: outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h2019-10-09
CVE-2020-27775 — Integer Overflow or Wraparound | cvebase