Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-27754

Опубликовано: 08 дек. 2020
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 3.3

Описание

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

РелизСтатусПримечание
bionic

released

8:6.9.7.4+dfsg-16ubuntu6.11
devel

not-affected

8:6.9.11.60+dfsg-1ubuntu1
esm-apps/focal

released

8:6.9.10.23+dfsg-2.1ubuntu11.4
esm-apps/jammy

not-affected

8:6.9.11.60+dfsg-1ubuntu1
esm-apps/noble

not-affected

8:6.9.11.60+dfsg-1ubuntu1
esm-infra-legacy/trusty

released

8:6.7.7.10-6ubuntu3.13+esm11
esm-infra/bionic

released

8:6.9.7.4+dfsg-16ubuntu6.11
esm-infra/xenial

released

8:6.8.9.9-7ubuntu5.16+esm11
focal

released

8:6.9.10.23+dfsg-2.1ubuntu11.4
groovy

released

8:6.9.10.23+dfsg-2.1ubuntu13.3

Показывать по

Ссылки на источники

EPSS

Процентиль: 25%
0.00086
Низкий

4.3 Medium

CVSS2

3.3 Low

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-27754

CVSS3: 3.3
redhat
больше 6 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

nvd логотип

CVE-2020-27754

CVSS3: 3.3
nvd
около 5 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

debian логотип

CVE-2020-27754

CVSS3: 3.3
debian
около 5 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelP ...

github логотип

GHSA-568w-cwq2-w5pj

CVSS3: 3.3
github
больше 3 лет назад

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

fstec логотип

BDU:2021-01016

CVSS3: 5.3
fstec
больше 6 лет назад

Уязвимость функции IntensityCompare() консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%
0.00086
Низкий

4.3 Medium

CVSS2

3.3 Low

CVSS3