CVE-2020-13902

Опубликовано: 07 июн. 2020

Источник: nvd

CVSS3: 7.1

CVSS2: 5.8

EPSS Низкий

Описание

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия от 7.0.9-27 (включая) до 7.0.10-17 (включая)

EPSS

Процентиль: 51%

0.00278

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2020-13902

CVSS3: 7.1

ubuntu

больше 5 лет назад

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

CVE-2020-13902

CVSS3: 7.1

redhat

больше 5 лет назад

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

CVE-2020-13902

CVSS3: 7.1

debian

больше 5 лет назад

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-re ...

GHSA-mg9m-6vj7-7v9f

github

больше 3 лет назад

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

EPSS

Процентиль: 51%

0.00278

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125