CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27750
https://notcve.org/view.php?id=CVE-2020-27750
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. Se encontró un fallo en ImageMagick en el archivo MagickCore/colorspace-private.h y MagickCore/quantum.h. • https://bugzilla.redhat.com/show_bug.cgi?id=1891984 https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25674
https://notcve.org/view.php?id=CVE-2020-25674
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. • https://bugzilla.redhat.com/show_bug.cgi?id=1891928 https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-27751
https://notcve.org/view.php?id=CVE-2020-27751
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/quantum-export.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1891994 https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-27756
https://notcve.org/view.php?id=CVE-2020-27756
In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0. En la función ParseMetaGeometry() del archivo MagickCore/geometry.c, los cálculos de altura y ancho de la imagen pueden conllevar a condiciones de división por cero que también conllevan a un comportamiento indefinido. • https://bugzilla.redhat.com/show_bug.cgi?id=1894233 https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2020-29599 – ImageMagick: Shell injection via PDF password could result in arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-29599
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. ImageMagick versiones anteriores a 6.9.11-40 y versiones 7.x anteriores a 7.0.10-40 maneja inapropiadamente la opción -authenticate, que permite establecer una contraseña para archivos PDF protegidos con contraseña. La contraseña controlada por el usuario no era escapada y saneada apropiadamente y, por lo tanto, fue posible inyectar comandos de shell adicionales por medio del archivo coders/pdf.c A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. • https://github.com/coco0x0a/CVE-2020-29599 https://github.com/ImageMagick/ImageMagick/discussions/2851 https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html https://security.gentoo.org/glsa/202101-36 https://access.redhat.com/security/cve/CVE-2020-29599 https://bugzilla.redhat.com/show_bug.cgi?id=1907456 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-91: XML Injection (aka Blind XPath Injection) •