Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-27754

Опубликовано: 14 окт. 2019
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow.

Отчет

This flaw is out of support scope for Red Hat Enterprise Linux 5, 6, and 7. Inkscape is not affected because it no longer uses a bundled ImageMagick in Red Hat Enterprise Linux 8. For more information regarding support scopes, please see https://access.redhat.com/support/policy/updates/errata .

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5ImageMagickOut of support scope
Red Hat Enterprise Linux 6ImageMagickOut of support scope
Red Hat Enterprise Linux 7ImageMagickOut of support scope
Red Hat Enterprise Linux 8inkscapeNot affected
Red Hat Enterprise Linux 9ImageMagickAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1894231ImageMagick: outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c

EPSS

Процентиль: 25%
0.00086
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-27754

CVSS3: 3.3
ubuntu
около 5 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

nvd логотип

CVE-2020-27754

CVSS3: 3.3
nvd
около 5 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

debian логотип

CVE-2020-27754

CVSS3: 3.3
debian
около 5 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelP ...

github логотип

GHSA-568w-cwq2-w5pj

CVSS3: 3.3
github
больше 3 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

fstec логотип

BDU:2021-01016

CVSS3: 5.3
fstec
больше 6 лет назад

Уязвимость функции IntensityCompare() консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%
0.00086
Низкий

3.3 Low

CVSS3