CVE-2020-27750: Divide by Zero
First published: Tue Oct 27 2020(Updated: )
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ImageMagick ImageMagick | <6.9.10-68 | |
| ImageMagick ImageMagick | >=7.0.0-0<7.0.8-68 | |
| Debian Debian Linux | =9.0 | |
| redhat/ImageMagick 7.0.8 | <68 | 68 |
| debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1891984
- https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html
- https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
- https://launchpad.net/bugs/cve/CVE-2020-27750
- https://github.com/ImageMagick/ImageMagick/issues/1711
- https://github.com/ImageMagick/ImageMagick/commit/a81ca9a1b46a96be83682af3389f0a6f3d0d389d
- https://access.redhat.com/support/policy/updates/errata
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1901241
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1901242
- https://access.redhat.com/security/cve/cve-2020-27750
- https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f
- https://security-tracker.debian.org/tracker/CVE-2020-27750
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27750
- https://nvd.nist.gov/vuln/detail/CVE-2020-27750
- https://ubuntu.com/security/CVE-2020-27750
Frequently Asked Questions
What is CVE-2020-27750?
CVE-2020-27750 is a vulnerability found in ImageMagick that can trigger undefined behavior and math division by zero when processing a crafted file, leading to values outside the range of type 'unsigned char'.
How severe is CVE-2020-27750?
The severity of CVE-2020-27750 is medium, with a CVSS score of 5.5.
What software is affected by CVE-2020-27750?
The affected software includes ImageMagick versions up to 8:6.9.10.23+dfsg-2.1ubuntu13.3, 8:6.9.11.24+dfsg-1, 8:6.9.7.4+dfsg-16ubuntu6.11, 8:6.8.9.9-7ubuntu5.16+, and 8:6.9.10.23+dfsg-2.1ubuntu11.4.
How can I fix CVE-2020-27750 in ImageMagick?
To fix CVE-2020-27750, it is recommended to update ImageMagick to version 8:6.9.10.23+dfsg-2.1ubuntu13.3 or later.
Where can I find more information about CVE-2020-27750?
You can find more information about CVE-2020-27750 at the following references: [1] [2] [3]
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-27750
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/imagemagick
- canonical/imagemagick imagemagick
- version/imagemagick imagemagick/7.0.0-0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- package-manager/redhat
- package-manager/debian