Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-13902

Опубликовано: 07 июн. 2020
Источник: debian
EPSS Низкий

Описание

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
imagemagickfixed8:6.9.11.24+dfsg-1package
imagemagicknot-affectedbusterpackage
imagemagicknot-affectedstretchpackage
imagemagicknot-affectedjessiepackage

Примечания

  • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920

  • https://github.com/ImageMagick/ImageMagick/discussions/2132

  • ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/824f344ceb823e156ad6e85314d79c087933c2a0

  • ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/218d6abc4e36596c90a07463bfb2ab9e8312efbb

EPSS

Процентиль: 51%
0.00278
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-13902

CVSS3: 7.1
ubuntu
больше 5 лет назад

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

redhat логотип

CVE-2020-13902

CVSS3: 7.1
redhat
больше 5 лет назад

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

nvd логотип

CVE-2020-13902

CVSS3: 7.1
nvd
больше 5 лет назад

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

github логотип

GHSA-mg9m-6vj7-7v9f

github
больше 3 лет назад

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

EPSS

Процентиль: 51%
0.00278
Низкий