Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-27754

Опубликовано: 08 дек. 2020
Источник: nvd
CVSS3: 3.3
CVSS2: 4.3
EPSS Низкий

Описание

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия до 6.9.10-69 (исключая)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия от 7.0.8 (включая) до 7.0.8-69 (исключая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%
0.00086
Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2020-27754

CVSS3: 3.3
ubuntu
около 5 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

redhat логотип

CVE-2020-27754

CVSS3: 3.3
redhat
больше 6 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

debian логотип

CVE-2020-27754

CVSS3: 3.3
debian
около 5 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelP ...

github логотип

GHSA-568w-cwq2-w5pj

CVSS3: 3.3
github
больше 3 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

fstec логотип

BDU:2021-01016

CVSS3: 5.3
fstec
больше 6 лет назад

Уязвимость функции IntensityCompare() консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%
0.00086
Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190