CVE-2020-27772

Опубликовано: 04 дек. 2020

Источник: nvd

CVSS3: 3.3

CVSS2: 4.3

EPSS Низкий

Описание

A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned int. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1898291
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=1898291
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия до 6.9.10-69 (исключая)

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия от 7.0.0-0 (включая) до 7.0.9 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00086

Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2020-27772

CVSS3: 3.3

ubuntu

около 5 лет назад

A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27772

CVSS3: 3.3

redhat

больше 6 лет назад

A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27772

CVSS3: 3.3

debian

около 5 лет назад

A flaw was found in ImageMagick in coders/bmp.c. An attacker who submi ...

GHSA-hhv9-78pr-gqr6

CVSS3: 3.3

github

больше 3 лет назад

A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

BDU:2021-03406

CVSS3: 5.3

fstec

больше 6 лет назад

Уязвимость компонента coders/bmp.c консольного графического редактора ImageMagick, связанная с целочисленным переполнением значения, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%

0.00086

Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190