CVE-2020-27764

2020-11-2419:54:13

redhat.com

access.redhat.com

insecure casting

imagemagick

applyevaluateoperator

crafted input file

EPSS

0.001

Percentile

35.1%

JSON

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick.

References

bugzilla.redhat.com/show_bug.cgi?id=1894683

github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5

nvd.nist.gov/vuln/detail/CVE-2020-27764

www.cve.org/CVERecord?id=CVE-2020-27764

EPSS

0.001

Percentile

35.1%

JSON

Related for RH:CVE-2020-27764