PT-2020-5523 · Imagemagick+5 · Imagemagick+5

Guilherme De Almeida Suckevicz

Published

2019-11-25

Updated

2024-10-15

CVE-2020-27753

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.9-0

Description The issue is related to several memory leaks in the MIFF coder due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. The problem lies in the MIFF coder, which incorrectly handles data being passed to AcquireMagickMemory().

Recommendations For ImageMagick versions prior to 7.0.9-0, update to version 7.0.9-0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the MIFF coder until a patch is available. Avoid using the MIFF coder with specially crafted input files that could trigger the memory leaks.

Exploit

Fix

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2019-3182

ALT-PU-2020-1405

BDU:2021-01036

CVE-2020-27753

OESA-2021-1219

OPENSUSE-SU-2021:0136-1

OPENSUSE-SU-2021:0148-1

OPENSUSE-SU-2021_0136-1

OPENSUSE-SU-2021_0148-1

SUSE-SU-2021:0153-1

SUSE-SU-2021:0156-1

SUSE-SU-2021:0199-1

SUSE-SU-2021:14598-1

SUSE-SU-2021_14598-1

USN-4988-1

USN-5335-1

USN-7068-1

Affected Products

Alt Linux

Astra Linux

Imagemagick

Linuxmint

Suse

Ubuntu

PT-2020-5523 · Imagemagick+5 · Imagemagick+5

CVE-2020-27753

Weakness Enumeration

Related Identifiers

Affected Products

References · 147