Lucene search

RedhatCVE-2020-27751

HistoryDec 08, 2020 - 10:15 p.m.

CVE-2020-27751

2020-12-0822:15:17

CWE-190

redhat

web.nvd.nist.gov

224

imagemagick

cve-2020-27751

vulnerability

security

nvd

image processing

undefined behavior

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

4.7

Confidence

Low

EPSS

0.001

Percentile

33.5%

JSON

A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

Affected configurations

Nvd

Vulners

Node

imagemagickimagemagickRange<6.9.10-69

imagemagickimagemagickRange7.0.0-0–7.0.9-0

Node

debiandebian_linuxMatch9.0

VendorProductVersionCPE
imagemagickimagemagick*cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
imagemagick	imagemagick	*	cpe:2.3:a:imagemagick:imagemagick::::::::
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "ImageMagick",
    "versions": [
      {
        "version": "prior to 7.0.9-0",
        "status": "affected"
      }
    ]
  }
]