CVE-2020-27773

Опубликовано: 04 дек. 2020

Источник: nvd

CVSS3: 3.3

CVSS2: 4.3

EPSS Низкий

Описание

A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1898295
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=1898295
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия до 6.9.10-69 (исключая)

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия от 7.0.0-0 (включая) до 7.0.9 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00086

Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369

Связанные уязвимости

CVE-2020-27773

CVSS3: 3.3

ubuntu

около 5 лет назад

A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27773

CVSS3: 3.3

redhat

больше 6 лет назад

A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27773

CVSS3: 3.3

debian

около 5 лет назад

A flaw was found in ImageMagick in MagickCore/gem-private.h. An attack ...

GHSA-6797-x9mp-395p

CVSS3: 3.3

github

больше 3 лет назад

A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

BDU:2021-03426

CVSS3: 5.3

fstec

больше 6 лет назад

Уязвимость компонента MagickCore/gem-private.h консольного графического редактора ImageMagick, связанная с делением на ноль, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%

0.00086

Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369