CVE-2020-27776

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.0.9-0

Description A flaw was found in ImageMagick in MagickCore/statistic.c, related to an integer overflow. This issue allows a remote attacker to cause a denial of service by submitting a specially crafted file, potentially leading to undefined behavior, including values outside the range of type unsigned long, which could impact application availability.

Recommendations For versions prior to 7.0.9-0, update to version 7.0.9-0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of crafted files by ImageMagick until a patch is applied.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2019-3182

ALT-PU-2020-1405

BDU:2023-02644

CVE-2020-27776

DLA-2602-1

DLA-3357-1

DLA-3357-2

OPENSUSE-SU-2021:0136-1

OPENSUSE-SU-2021:0148-1

OPENSUSE-SU-2021_0136-1

OPENSUSE-SU-2021_0148-1

SUSE-SU-2021:0153-1

SUSE-SU-2021:0156-1

SUSE-SU-2021:0199-1

USN-4988-1

USN-7068-1

Affected Products

Alt Linux

Astra Linux

Imagemagick

Linuxmint

Suse

Ubuntu

CVE-2020-27776

Weakness Enumeration

Related Identifiers

Affected Products

References · 152