PT-2020-5512 · Imagemagick+2 · Imagemagick+2

Guilherme De Almeida Suckevicz

Published

2020-12-08

Updated

2021-05-30

CVE-2020-27752

CVSS v2.0

7.8

High

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.9-0

Description A flaw was found in ImageMagick in MagickCore/quantum-private.h, which could trigger a heap buffer overflow when an attacker submits a crafted file that is processed by ImageMagick. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well.

Recommendations For ImageMagick versions prior to 7.0.9-0, update to version 7.0.9-0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of crafted files to minimize the risk of exploitation. Avoid using the vulnerable function in MagickCore/quantum-private.h until a patch is available.

Exploit

Fix

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787

Related Identifiers

ALT-PU-2021-1001

ALT-PU-2021-1440

BDU:2021-01009

CVE-2020-27752

OESA-2021-1198

OPENSUSE-SU-2021:0136-1

OPENSUSE-SU-2021:0148-1

OPENSUSE-SU-2021_0136-1

OPENSUSE-SU-2021_0148-1

SUSE-SU-2021:0153-1

SUSE-SU-2021:0156-1

SUSE-SU-2021:0199-1

SUSE-SU-2021:14598-1

SUSE-SU-2021_14598-1

Affected Products

Alt Linux

Imagemagick

Suse

PT-2020-5512 · Imagemagick+2 · Imagemagick+2

CVE-2020-27752

Weakness Enumeration

Related Identifiers

Affected Products

References · 103