CVE-2020-27751

CVE-2020-27751

Name

CVE-2020-27751

Description

A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

NVD Severity

low

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://bugzilla.redhat.com/show_bug.cgi?id=1891994
MLIST	https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html

Type

URI

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=1891994

MLIST

https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:imagemagick:imagemagick::::::::`	imagemagick	>= None	< 7.0.9-0
`cpe:2.3:a:imagemagick:imagemagick::::::::`	imagemagick	>= None	< 6.9.10-69
`cpe:2.3:a:imagemagick:imagemagick::::::::`	imagemagick	>= 7.0.0-0	< 7.0.9-0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

imagemagick

>= None

< 7.0.9-0

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

imagemagick

>= None

< 6.9.10-69

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

imagemagick

>= 7.0.0-0

< 7.0.9-0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
imagemagick	edge-community	7.0.9.7-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.8.62-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.8.56-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.8.53-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.8.44-r0	None	possibly vulnerable
imagemagick	edge-community	7.0.8.38-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.9.7-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.8.62-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.8.56-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.8.53-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.8.44-r0	None	possibly vulnerable
imagemagick	3.22-community	7.0.8.38-r0	None	possibly vulnerable
imagemagick	3.10-main	7.0.8.68-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

imagemagick

edge-community

7.0.9.7-r0

None

possibly vulnerable

imagemagick

edge-community