Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-27753

Опубликовано: 08 дек. 2020
Источник: nvd
CVSS3: 5.5
CVSS2: 4.3
EPSS Низкий

Описание

There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in AcquireMagickMemory() because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to AcquireMagickMemory(). This flaw affects ImageMagick versions prior to 7.0.9-0.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия до 6.9.10-69 (исключая)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия от 7.0.0-0 (включая) до 7.0.9-0 (исключая)

EPSS

Процентиль: 23%
0.00079
Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-401

Связанные уязвимости

ubuntu логотип

CVE-2020-27753

CVSS3: 5.5
ubuntu
около 5 лет назад

There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.

redhat логотип

CVE-2020-27753

CVSS3: 5.5
redhat
больше 6 лет назад

There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.

debian логотип

CVE-2020-27753

CVSS3: 5.5
debian
около 5 лет назад

There are several memory leaks in the MIFF coder in /coders/miff.c due ...

github логотип

GHSA-m43q-5c9p-x5fh

github
больше 3 лет назад

There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.

fstec логотип

BDU:2021-01036

CVSS3: 6.5
fstec
около 5 лет назад

Уязвимость консольного графического редактора ImageMagick, связанная с ошибками освобождения памяти, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 23%
0.00079
Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-401