CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25675
https://notcve.org/view.php?id=CVE-2020-25675
In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0. En las rutinas CropImage() y CropImageToTiles() del archivo MagickCore/transform.c, los cálculos de redondeo realizados en desplazamientos de píxeles sin restricciones provocaban un comportamiento indefinido en forma de desbordamiento de enteros y valores fuera de rango según lo informado por UndefinedBehaviorSanitizer. • https://bugzilla.redhat.com/show_bug.cgi?id=1891933 https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27757
https://notcve.org/view.php?id=CVE-2020-27757
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. Un cálculo matemático de punto flotante en la función ScaleAnyToQuantum() del archivo /MagickCore/quantum-private.h, podría conducir a un comportamiento indefinido en forma de un valor fuera del rango de tipo unsigned long long. • https://bugzilla.redhat.com/show_bug.cgi?id=1894234 https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27754
https://notcve.org/view.php?id=CVE-2020-27754
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69. En la función IntensityCompare() del archivo /magick/quantize.c, se presentan llamadas a PixelPacketIntensity() que podrían devolver valores desbordados a la persona que llama cuando ImageMagick procesa un archivo de entrada diseñado. Para mitigar esto, el parche introduce y utiliza la función ConstrainPixelIntensity(), que obliga a las intensidades de píxeles a estar dentro de los límites adecuados en caso de un desbordamiento. • https://bugzilla.redhat.com/show_bug.cgi?id=1894231 https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2020-29599 – ImageMagick: Shell injection via PDF password could result in arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-29599
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. ImageMagick versiones anteriores a 6.9.11-40 y versiones 7.x anteriores a 7.0.10-40 maneja inapropiadamente la opción -authenticate, que permite establecer una contraseña para archivos PDF protegidos con contraseña. La contraseña controlada por el usuario no era escapada y saneada apropiadamente y, por lo tanto, fue posible inyectar comandos de shell adicionales por medio del archivo coders/pdf.c A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. • https://github.com/coco0x0a/CVE-2020-29599 https://github.com/ImageMagick/ImageMagick/discussions/2851 https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html https://security.gentoo.org/glsa/202101-36 https://access.redhat.com/security/cve/CVE-2020-29599 https://bugzilla.redhat.com/show_bug.cgi?id=1907456 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27773
https://notcve.org/view.php?id=CVE-2020-27773
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/gem-private.h. • https://bugzilla.redhat.com/show_bug.cgi?id=1898295 https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-369: Divide By Zero •