Lucene search

PRIOn knowledge basePRION:CVE-2020-27770

HistoryDec 04, 2020 - 3:15 p.m.

Design/Logic Flaw

2020-12-0415:15:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

Due to a missing check for 0 value of replace_extent, it is possible for offset p to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.

CPENameOperatorVersion
debian_linuxeq9.0
imagemagickeq< 6.9.10-68
imagemagickeq>= 7.0.00 AND < 7.0.868

Name	Operator	Version
debian_linux	eq	9.0
imagemagick	eq	< 6.9.10-68
imagemagick	eq	>= 7.0.00 AND < 7.0.868

References

bugzilla.redhat.com/show_bug.cgi?id=1894691

lists.debian.org/debian-lts-announce/2021/03/msg00030.html

lists.debian.org/debian-lts-announce/2023/03/msg00008.html