CVE-2020-27752

EUVD-2020-20256
A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
imagemagickimagemagick
𝑥
< 6.9.11-47
imagemagickimagemagick
7.0.0-0 ≤
𝑥
< 7.0.9-0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bookworm
8:6.9.11.60+dfsg-1.6+deb12u2
fixed
bookworm (security)
8:6.9.11.60+dfsg-1.6+deb12u1
fixed
bullseye
8:6.9.11.60+dfsg-1.3+deb11u4
fixed
bullseye (security)
8:6.9.11.60+dfsg-1.3+deb11u3
fixed
buster
ignored
sid
8:7.1.1.39+dfsg1-2
fixed
stretch
ignored
trixie
8:6.9.13.12+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
imagemagick
bionic
deferred
focal
deferred
groovy
ignored
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
needs-triage
xenial
deferred
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1894226
https://bugzilla.redhat.com/show_bug.cgi?id=1894226