PT-2019-5730 · Imagemagick+5

Guilherme De Almeida Suckevicz +1 · Published 2019-10-14 · Updated 2024-10-15 · CVE-2020-27754

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

ImageMagick versions prior to 6.9.10-69 and 7.0.8-69

Description

The issue is an integer overflow related to the IntensityCompare() function in the /magick/quantize.c file of the ImageMagick console graphic editor. A remote attacker can exploit it with a specially crafted file, potentially leading to a denial of service. The flaw is mitigated by introducing the ConstrainPixelIntensity() function, which ensures pixel intensities are within proper bounds in case of an overflow.

Recommendations

For versions prior to 6.9.10-69 and 7.0.8-69, update to version 6.9.10-69 or 7.0.8-69, or later, to resolve the issue. As a temporary workaround, consider restricting the use of the IntensityCompare() function in /magick/quantize.c until a patch is applied. Additionally, avoid using the PixelPacketIntensity() function with crafted input files to minimize the risk of exploitation.
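
The mitigation named in the Description, bounding an intensity before it is used in a sort comparison, is sketched below as an added example. It is a simplified model, not ImageMagick source: the function names, the 16-bit QUANTUM_RANGE and the sample values are assumptions, and returning only -1, 0 or 1 goes slightly beyond what the entry describes.

```c
#include <stdio.h>
#include <stdlib.h>

#define QUANTUM_RANGE 65535L /* assumption: 16-bit quantum depth */

/* Unconstrained pattern: the intensity is converted to an integer as-is.
   Converting an out-of-range double to long is undefined behaviour, and
   narrowing the difference to int can flip its sign. Never called below. */
int compare_unconstrained(const void *x, const void *y)
{
    long diff = (long)*(const double *)x - (long)*(const double *)y;
    return (int)diff;
}

/* Force an intensity into [0, QUANTUM_RANGE] before any integer conversion. */
long constrain_intensity(double v)
{
    if (v != v || v <= 0.0)            /* NaN or negative */
        return 0;
    if (v >= (double)QUANTUM_RANGE)    /* overflowed or +inf */
        return QUANTUM_RANGE;
    return (long)(v + 0.5);
}

/* Hardened comparator: bounded operands, result always -1, 0 or 1. */
int compare_constrained(const void *x, const void *y)
{
    long a = constrain_intensity(*(const double *)x);
    long b = constrain_intensity(*(const double *)y);
    return (a > b) - (a < b);
}

/* Sort with the hardened comparator; return 1 if the order is consistent. */
int sort_is_consistent(double *v, size_t n)
{
    qsort(v, n, sizeof *v, compare_constrained);
    for (size_t i = 1; i < n; i++)
        if (constrain_intensity(v[i - 1]) > constrain_intensity(v[i]))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample: in-range values mixed with overflowed ones. */
    double sample[] = { 1200.0, 1e300, -4e18, 65535.0, 0.0, 3e9 };
    printf("consistent=%d\n", sort_is_consistent(sample, 6));
    return 0;
}
```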

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3182
ALT-PU-2020-1405
BDU:2021-01016
CVE-2020-27754
DLA-2602-1
DLA-3357-1
DLA-3357-2
OESA-2021-1050
OPENSUSE-SU-2021:0136-1
OPENSUSE-SU-2021:0148-1
OPENSUSE-SU-2021_0136-1
OPENSUSE-SU-2021_0148-1
SUSE-SU-2021:0153-1
SUSE-SU-2021:0156-1
SUSE-SU-2021:0199-1
SUSE-SU-2021:14598-1
SUSE-SU-2021_14598-1
USN-4988-1
USN-7068-1

Affected Products

Alt Linux
Astra Linux
Imagemagick
Linuxmint
Suse
Ubuntu