Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-25666

Опубликовано: 08 дек. 2020
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 3.3

Описание

There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and count value for a color. The patch uses casts to ssize_t type for these calculations, instead of int. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.

РелизСтатусПримечание
bionic

released

8:6.9.7.4+dfsg-16ubuntu6.11
devel

not-affected

8:6.9.11.60+dfsg-1ubuntu1
esm-apps/focal

released

8:6.9.10.23+dfsg-2.1ubuntu11.4
esm-apps/jammy

not-affected

8:6.9.11.60+dfsg-1ubuntu1
esm-apps/noble

not-affected

8:6.9.11.60+dfsg-1ubuntu1
esm-infra-legacy/trusty

released

8:6.7.7.10-6ubuntu3.13+esm11
esm-infra/bionic

released

8:6.9.7.4+dfsg-16ubuntu6.11
esm-infra/xenial

released

8:6.8.9.9-7ubuntu5.16+esm11
focal

released

8:6.9.10.23+dfsg-2.1ubuntu11.4
groovy

released

8:6.9.10.23+dfsg-2.1ubuntu13.3

Показывать по

Ссылки на источники

EPSS

Процентиль: 32%
0.00127
Низкий

4.3 Medium

CVSS2

3.3 Low

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-25666

CVSS3: 3.3
redhat
больше 6 лет назад

There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.

nvd логотип

CVE-2020-25666

CVSS3: 3.3
nvd
около 5 лет назад

There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.

debian логотип

CVE-2020-25666

CVSS3: 3.3
debian
около 5 лет назад

There are 4 places in HistogramCompare() in MagickCore/histogram.c whe ...

github логотип

GHSA-c4wq-p3w6-jv54

CVSS3: 3.3
github
больше 3 лет назад

There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.

fstec логотип

BDU:2021-03411

CVSS3: 5.3
fstec
больше 6 лет назад

Уязвимость функции HistogramCompare() компонента MagickCore/histogram.c консольного графического редактора ImageMagick, связанная с целочисленным переполнением значения, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 32%
0.00127
Низкий

4.3 Medium

CVSS2

3.3 Low

CVSS3