CVE-2020-27771

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.9-0

Description The issue is related to the RestoreMSCWarning() function in the /coders/pdf.c component of the ImageMagick console graphic editor. It is caused by an integer overflow value. This could allow a remote attacker to cause a denial of service using a specially crafted pdf file. The problem arises when ImageMagick processes a crafted pdf file, potentially leading to an impact on application availability. However, no specific impact was demonstrated in this case.

Recommendations For ImageMagick versions prior to 7.0.9-0, update to version 7.0.9-0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of crafted pdf files to minimize the risk of exploitation. Avoid using the GetPixelIndex() function in the affected /coders/pdf.c component until the issue is resolved.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2019-3182

ALT-PU-2020-1405

BDU:2021-03407

CVE-2020-27771

DLA-2602-1

DLA-3357-1

DLA-3357-2

OESA-2021-1148

OPENSUSE-SU-2021:0136-1

OPENSUSE-SU-2021:0148-1

OPENSUSE-SU-2021_0136-1

OPENSUSE-SU-2021_0148-1

SUSE-SU-2021:0153-1

SUSE-SU-2021:0156-1

SUSE-SU-2021:0199-1

SUSE-SU-2021:14598-1

SUSE-SU-2021_14598-1

USN-4988-1

USN-7068-1

Affected Products

Alt Linux

Astra Linux

Imagemagick

Linuxmint

Suse

Ubuntu

CVE-2020-27771

Weakness Enumeration

Related Identifiers

Affected Products

References · 366