PT-2019-5858 · Imagemagick+5

Guilherme De Almeida Suckevicz +1 · Published 2019-10-05 · Updated 2024-10-15 · CVE-2020-27759

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.8-68

Description: The issue is in the IntensityCompare() function in the /MagickCore/quantize.c component of ImageMagick, where a double value is cast to int and returned, so a value outside the range of type int may be returned. The flaw can be triggered by a crafted input file under certain conditions when processed by ImageMagick, potentially affecting application availability. Although no specific impact was shown, Red Hat Product Security marked this as Low severity.

Recommendations: For versions prior to 7.0.8-68, update to version 7.0.8-68 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted input files to minimize the risk of exploitation.
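The bug class in the description, shown as an added example that is not ImageMagick's code: a qsort() comparator that casts a double difference to int, next to a range check and a comparator that returns only the sign. The `Entry` type, all function names and the sample values are hypothetical, and the sign comparison is one possible hardening, not necessarily the upstream fix.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a colour-table entry; not ImageMagick's type. */
typedef struct { double intensity; } Entry;

/* Flawed pattern: the double difference is cast to int. When the difference
   lies outside the range of int, the conversion is undefined behaviour in C,
   so the sign that qsort() sees cannot be relied on. */
static int compare_cast(const void *a, const void *b)
{
  double diff = ((const Entry *) a)->intensity - ((const Entry *) b)->intensity;
  return (int) diff;
}

/* True only when (int) diff is defined: the truncated value must fit in int.
   NaN fails both comparisons and is reported as not castable. */
static int cast_is_defined(double diff)
{
  return diff > (double) INT_MIN - 1.0 && diff < (double) INT_MAX + 1.0;
}

/* Hardened comparator: returns -1, 0 or 1, so no narrowing conversion occurs. */
static int compare_sign(const void *a, const void *b)
{
  double x = ((const Entry *) a)->intensity, y = ((const Entry *) b)->intensity;
  return (x > y) - (x < y);
}

/* Sorts constructed sample values whose pairwise differences exceed INT_MAX. */
static int sorted_with_sign_compare(void)
{
  Entry e[] = { {4.0e9}, {-4.0e9}, {0.5}, {0.0}, {3.0e9} };
  size_t n = sizeof(e) / sizeof(e[0]), i;
  qsort(e, n, sizeof(e[0]), compare_sign);
  for (i = 1; i < n; i++)
    if (e[i - 1].intensity > e[i].intensity) return 0;
  return 1;
}

int main(void)
{
  Entry a = { 4.0e9 }, b = { -4.0e9 };   /* constructed sample values */
  double diff = a.intensity - b.intensity;
  if (cast_is_defined(diff)) printf("cast: %d\n", compare_cast(&a, &b));
  else printf("difference %.0f does not fit in int; cast skipped\n", diff);
  printf("sign: %d sorted: %d\n", compare_sign(&a, &b), sorted_with_sign_compare());
  return 0;
}
```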

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3182
ALT-PU-2020-1405
BDU:2021-03419
CVE-2020-27759
DLA-2602-1
DLA-3357-1
DLA-3357-2
OESA-2021-1007
OPENSUSE-SU-2021:0136-1
OPENSUSE-SU-2021:0148-1
OPENSUSE-SU-2021_0136-1
OPENSUSE-SU-2021_0148-1
SUSE-SU-2021:0153-1
SUSE-SU-2021:0156-1
SUSE-SU-2021:0199-1
SUSE-SU-2021:14598-1
SUSE-SU-2021_14598-1
USN-4988-1
USN-7068-1

Affected Products

Alt Linux
Astra Linux
Imagemagick
Linuxmint
Suse
Ubuntu