CVE-2020-27754
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.
En la función IntensityCompare() del archivo /magick/quantize.c, se presentan llamadas a PixelPacketIntensity() que podrían devolver valores desbordados a la persona que llama cuando ImageMagick procesa un archivo de entrada diseñado. Para mitigar esto, el parche introduce y utiliza la función ConstrainPixelIntensity(), que obliga a las intensidades de píxeles a estar dentro de los límites adecuados en caso de un desbordamiento. Este fallo afecta a ImageMagick versiones anteriores a 6.9.10-69 y 7.0.8-69
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-27 CVE Reserved
- 2020-12-08 CVE Published
- 2023-08-24 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1894231 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Imagemagick Search vendor "Imagemagick" | Imagemagick Search vendor "Imagemagick" for product "Imagemagick" | < 6.9.10-69 Search vendor "Imagemagick" for product "Imagemagick" and version " < 6.9.10-69" | - |
Affected
| ||||||
Imagemagick Search vendor "Imagemagick" | Imagemagick Search vendor "Imagemagick" for product "Imagemagick" | >= 7.0.8 < 7.0.8-69 Search vendor "Imagemagick" for product "Imagemagick" and version " >= 7.0.8 < 7.0.8-69" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
|