Lucene search

[email protected]NVD:CVE-2020-27560

HistoryOct 22, 2020 - 2:15 p.m.

CVE-2020-27560

2020-10-2214:15:13

CWE-369

[email protected]

web.nvd.nist.gov

imagemagick

division by zero

optimizelayerframes

magickcore

layer.c

denial of service

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

34.0%

JSON

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.

Affected configurations

Nvd

Node

imagemagickimagemagickMatch7.0.10-34

Node

debiandebian_linuxMatch9.0

Node

opensuseleapMatch15.2

VendorProductVersionCPE
imagemagickimagemagick7.0.10-34cpe:2.3:a:imagemagick:imagemagick:7.0.10-34:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
opensuseleap15.2cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
imagemagick	imagemagick	7.0.10-34	cpe:2.3:a:imagemagick:imagemagick:7.0.10-34:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
opensuse	leap	15.2	cpe:2.3:o:opensuse:leap:15.2:::::::*