Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-27752

Опубликовано: 04 окт. 2019
Источник: redhat
CVSS3: 7.1

Описание

A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.

A flaw was found in ImageMagick in MagickCore/quantum-private.h. This flaw allows an attacker who submits a crafted file processed by ImageMagick to trigger a heap buffer overflow. The highest threat from this vulnerability is to system availability and also a potential impact on data integrity.

Отчет

This flaw is out of support scope for Red Hat Enterprise Linux 5, 6, and 7. Inkscape is not affected because it no longer uses a bundled ImageMagick in Red Hat Enterprise Linux 8. For more information regarding support scopes, please see https://access.redhat.com/support/policy/updates/errata .

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ImageMagickOut of support scope
Red Hat Enterprise Linux 6ImageMagickOut of support scope
Red Hat Enterprise Linux 7ImageMagickOut of support scope
Red Hat Enterprise Linux 8inkscapeNot affected
Red Hat Enterprise Linux 9ImageMagickAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122->CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1894226ImageMagick: heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h

7.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-27752

CVSS3: 7.1
ubuntu
около 5 лет назад

A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.

nvd логотип

CVE-2020-27752

CVSS3: 7.1
nvd
около 5 лет назад

A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.

debian логотип

CVE-2020-27752

CVSS3: 7.1
debian
около 5 лет назад

A flaw was found in ImageMagick in MagickCore/quantum-private.h. An at ...

github логотип

GHSA-8h84-r7fq-5pcm

github
больше 3 лет назад

A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.

fstec логотип

BDU:2021-01009

CVSS3: 7.1
fstec
около 5 лет назад

Уязвимость консольного графического редактора ImageMagick, вызванная переполнением буфера, позволяющая нарушителю оказать воздействие на целостность и доступность защищаемой информации

7.1 High

CVSS3