What is CVE-2020-25666?

CVE-2020-25666 is a vulnerability in ImageMagick, specifically in the HistogramCompare() function in MagickCore/histogram.c.

How severe is CVE-2020-25666?

CVE-2020-25666 has a severity score of 3.3, which is considered medium.

What is the affected software and versions for CVE-2020-25666?

The affected software is ImageMagick, and the vulnerable versions are 8:6.9.7.4+dfsg-16ubuntu6.11, 8:6.9.10.23+dfsg-2.1ubuntu11.4, 8:6.9.10.23+dfsg-2.1ubuntu13.3, and 8:6.9.11.24+dfsg-1.

How can I fix CVE-2020-25666?

To fix CVE-2020-25666, update ImageMagick to versions 8:6.9.7.4+dfsg-16ubuntu6.11, 8:6.9.10.23+dfsg-2.1ubuntu11.4, 8:6.9.10.23+dfsg-2.1ubuntu13.3, or 8:6.9.11.24+dfsg-1.

Where can I find more information about CVE-2020-25666?

You can find more information about CVE-2020-25666 at the following references: [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25666), [Ubuntu Security Notices](https://ubuntu.com/security/notices/USN-4988-1), and [NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-25666).

Vulnerability/
CVE-2020-25666

medium

4.3

CWE

190

26/10/2020

8/12/2020

21/11/2024

CVE-2020-25666: Integer Overflow

First published: Mon Oct 26 2020(Updated: )

ImageMagick 7.0.8-68 there are 4 outside the range of representable values of type 'int' and a signed integer overflow at MagickCore/histogram.c. Reference: <a href="https://github.com/ImageMagick/ImageMagick/issues/1750">https://github.com/ImageMagick/ImageMagick/issues/1750</a> Upstream patch: <a href="https://github.com/ImageMagick/ImageMagick/commit/94691f00839dbdf43edb1508af945ab19b388573">https://github.com/ImageMagick/ImageMagick/commit/94691f00839dbdf43edb1508af945ab19b388573</a>

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
ImageMagick ImageMagick	<6.9.10-69
ImageMagick ImageMagick	>=7.0.0-0<7.0.9-0
Debian Debian Linux	=9.0
redhat/ImageMagick 7.0.9	<0	0
debian/imagemagick		8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1891612

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-25666?
CVE-2020-25666 is a vulnerability in ImageMagick, specifically in the HistogramCompare() function in MagickCore/histogram.c.
How severe is CVE-2020-25666?
CVE-2020-25666 has a severity score of 3.3, which is considered medium.
What is the affected software and versions for CVE-2020-25666?
The affected software is ImageMagick, and the vulnerable versions are 8:6.9.7.4+dfsg-16ubuntu6.11, 8:6.9.10.23+dfsg-2.1ubuntu11.4, 8:6.9.10.23+dfsg-2.1ubuntu13.3, and 8:6.9.11.24+dfsg-1.
How can I fix CVE-2020-25666?
To fix CVE-2020-25666, update ImageMagick to versions 8:6.9.7.4+dfsg-16ubuntu6.11, 8:6.9.10.23+dfsg-2.1ubuntu11.4, 8:6.9.10.23+dfsg-2.1ubuntu13.3, or 8:6.9.11.24+dfsg-1.
Where can I find more information about CVE-2020-25666?
You can find more information about CVE-2020-25666 at the following references: [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25666), [Ubuntu Security Notices](https://ubuntu.com/security/notices/USN-4988-1), and [NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-25666).

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-25666
agent/software-canonical-lookup
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
agent/references
agent/remedy
agent/tags
collector/usn-cve
source/Ubuntu
agent/event
agent/description
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/last-modified-date
agent/trending
vendor/imagemagick
canonical/imagemagick imagemagick
version/imagemagick imagemagick/7.0.0-0
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
package-manager/redhat
package-manager/debian