CVE-2020-27761

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.9-0

Description The issue is related to the WritePALMImage() function in the /coders/palm.c component of the ImageMagick console graphic editor. It is associated with an integer overflow value. Exploitation of the issue could allow a remote attacker to cause a denial of service. The problem arises from size t casts in several areas of a calculation, which could lead to values outside the range of the representable type unsigned long, resulting in undefined behavior when a crafted input file is processed by ImageMagick.

Recommendations For versions prior to 7.0.9-0, update to ImageMagick 7.0.9-0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the WritePALMImage() function in the /coders/palm.c component until a patch is applied.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2019-3182

ALT-PU-2020-1405

BDU:2021-03421

CVE-2020-27761

DLA-2602-1

DLA-3357-1

DLA-3357-2

OESA-2021-1007

OPENSUSE-SU-2021:0136-1

OPENSUSE-SU-2021:0148-1

OPENSUSE-SU-2021_0136-1

OPENSUSE-SU-2021_0148-1

SUSE-SU-2021:0153-1

SUSE-SU-2021:0156-1

SUSE-SU-2021:0199-1

SUSE-SU-2021:14598-1

SUSE-SU-2021_14598-1

USN-4988-1

USN-7068-1

Affected Products

Alt Linux

Astra Linux

Imagemagick

Linuxmint

Suse

Ubuntu

CVE-2020-27761

Weakness Enumeration

Related Identifiers

Affected Products

References · 363