CVE-2020-27774

Опубликовано: 04 дек. 2020

Источник: nvd

CVSS3: 3.3

CVSS2: 4.3

EPSS Низкий

Описание

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type ssize_t. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1898296
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=1898296
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия до 6.9.10-69 (исключая)

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия от 7.0.0-0 (включая) до 7.0.9-0 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00086

Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2020-27774

CVSS3: 3.3

ubuntu

около 5 лет назад

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27774

CVSS3: 3.3

redhat

больше 6 лет назад

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27774

CVSS3: 3.3

debian

около 5 лет назад

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...

GHSA-7r3q-r8vw-83vp

CVSS3: 3.3

github

больше 3 лет назад

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

BDU:2021-03442

CVSS3: 5.3

fstec

больше 6 лет назад

Уязвимость компонента MagickCore/statistic.c консольного графического редактора ImageMagick, связанная с целочисленным переполнением значения, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%

0.00086

Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190