CVE-2020-27756

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.9-0

Description The issue is related to the ParseMetaGeometry() function in the MagickCore/geometry.c component of the ImageMagick console graphic editor. It is caused by an incorrect implementation of the division operation, which can lead to a divide-by-zero condition and undefined behavior. This can be triggered by a specially crafted input file processed by ImageMagick, potentially impacting application availability. The flaw can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 7.0.9-0, update to version 7.0.9-0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ParseMetaGeometry() function until a patch is applied. Avoid using crafted input files that could trigger the divide-by-zero condition.