PT-2019-5863 · Imagemagick+5 · Imagemagick+5
Published: 2019-10-09
Updated: 2024-10-15
CVE-2020-27764
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
ImageMagick versions prior to 6.9.10-69
Description
The issue lies in the ApplyEvaluateOperator() function in the /MagickCore/statistic.c component of ImageMagick, where a `size_t` cast should have been a `ssize_t` cast. When a crafted input file is processed, the cast produces out-of-range values, which can affect application availability. A remote attacker can exploit the flaw with a specially crafted file to cause a denial of service. No specific impact was shown in this case, and Red Hat Product Security rated it Low severity.
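The following is an added example, not ImageMagick's code, that models the cast mismatch described above: a signed intermediate value produced by an evaluate operator is converted through `size_t` instead of `ssize_t`, so a negative result wraps to a huge unsigned number before any clamping runs. `QUANTUM_RANGE`, the two `evaluate_*` functions and the subtract operator they model are assumptions made for illustration; a third variant shows the defensive pattern of range-checking in the value's own type before converting.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>   /* ssize_t */

/* Constructed example, not ImageMagick's code. QUANTUM_RANGE stands in for
   the maximum channel value of a 16-bit quantum build; the evaluate
   functions are hypothetical and only model the size_t/ssize_t mismatch. */
#define QUANTUM_RANGE 65535

/* Clamp a signed intermediate back into the legal channel range. */
static ssize_t clamp_signed(ssize_t v) {
    if (v < 0) return 0;
    if (v > QUANTUM_RANGE) return QUANTUM_RANGE;
    return v;
}

/* Same clamp on an unsigned value: a negative can no longer be recognised. */
static size_t clamp_unsigned(size_t v) {
    if (v > (size_t) QUANTUM_RANGE) return QUANTUM_RANGE;
    return v;
}

/* "Before": the intermediate result of a subtract-style operator goes
   through size_t. A negative intermediate, which crafted input can force,
   wraps modulo 2^N to a value near SIZE_MAX before the clamp sees it, so
   the pixel ends up saturated at QUANTUM_RANGE instead of 0. */
size_t evaluate_size_t(long long pixel, long long value) {
    long long intermediate = pixel - value;
    size_t wrapped = (size_t) intermediate;   /* well-defined modular wrap */
    return clamp_unsigned(wrapped);
}

/* "After": the same intermediate goes through ssize_t, so the sign survives
   and the clamp maps negatives to 0 as intended. */
ssize_t evaluate_ssize_t(long long pixel, long long value) {
    long long intermediate = pixel - value;
    return clamp_signed((ssize_t) intermediate);
}

/* Defensive variant: pixel arithmetic is usually done in double, so clamp
   while the value is still a double and never convert an out-of-range
   (or NaN) value to an integer type at all. */
size_t evaluate_clamped_double(double pixel, double value) {
    double intermediate = pixel - value;
    if (!(intermediate > 0.0)) return 0;      /* also catches NaN */
    if (intermediate > (double) QUANTUM_RANGE) return QUANTUM_RANGE;
    return (size_t) intermediate;             /* now provably in range */
}

int main(void) {
    /* Constructed input: pixel 10 minus operator constant 25 -> -15. */
    printf("size_t path : %zu\n", evaluate_size_t(10, 25));          /* 65535, wrong */
    printf("ssize_t path: %zd\n", evaluate_ssize_t(10, 25));         /* 0, correct */
    printf("double clamp: %zu\n", evaluate_clamped_double(10.0, 25.0)); /* 0 */
    return 0;
}
```

The first function reproduces the failure mode: because the wrap happens before the clamp, the clamp cannot repair it. The fix is not only the change of cast but the principle of validating a value in the type that can represent it, which the third function applies.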
Recommendations
For ImageMagick versions prior to 6.9.10-69, update to version 6.9.10-69 or later to resolve the issue. As a temporary workaround until the patch can be applied, consider restricting use of the ApplyEvaluateOperator() function. Avoid processing untrusted or crafted input files that could trigger this flaw.
Exploit
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Imagemagick
Linuxmint
Suse
Ubuntu