CVE-2020-27756

Published: Dec 8, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.

Affected (2)

Products: Imagemagick: Imagemagick

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	From 6.9.9-34 to 6.9.10-69
Imagemagick Imagemagick	From 7.0.0-0 to 7.0.9-0

Related CWEs

The product divides a value by zero.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1894233

Source: secalert@redhat.com

ExploitIssue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1894233

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.