CVE-2020-27763: Divide by Zero
First published: Wed Nov 04 2020(Updated: )
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ImageMagick ImageMagick | <6.9.10-68 | |
| ImageMagick ImageMagick | >=7.0.0-0<7.0.8-68 | |
| Debian Debian Linux | =9.0 | |
| redhat/ImageMagick 7.0.8 | <68 | 68 |
| debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1894682
- https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html
- https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
- https://launchpad.net/bugs/cve/CVE-2020-27763
- https://github.com/ImageMagick/ImageMagick/issues/1718
- https://github.com/ImageMagick/ImageMagick/commit/43539e67a47d2f8de832d33a5b26dc2a7a12294f
- https://access.redhat.com/support/policy/updates/errata
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1901271
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1901272
- https://access.redhat.com/security/cve/cve-2020-27763
- https://github.com/ImageMagick/ImageMagick6/commit/cc0944d57f846c839905d573503ab055b34090e4
- https://security-tracker.debian.org/tracker/CVE-2020-27763
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27763
- https://nvd.nist.gov/vuln/detail/CVE-2020-27763
- https://ubuntu.com/security/CVE-2020-27763
Frequently Asked Questions
What is the vulnerability ID of this flaw?
The vulnerability ID is CVE-2020-27763.
What is the severity level of CVE-2020-27763?
The severity level of CVE-2020-27763 is medium.
Which software is affected by CVE-2020-27763?
ImageMagick versions 8:6.9.7.4+dfsg-16ubuntu6.11, 8:6.9.10.23+dfsg-2.1ubuntu11.4, 8:6.9.10.23+dfsg-2.1ubuntu13.3, 8:6.9.11.24+dfsg-1, 7.0.0-0 to 7.0.8-68, and 9.0 on Debian Linux 9.0 are affected.
How can this vulnerability be exploited?
An attacker could exploit this vulnerability by submitting a crafted file that is processed by ImageMagick, triggering undefined behavior in the form of math division by zero.
Are there any known remedies for CVE-2020-27763?
Yes, there are known remedies available. Please refer to the provided references for more information on specific remedies.
- agent/author
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-index
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-27763
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/event
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/trending
- vendor/imagemagick
- canonical/imagemagick imagemagick
- version/imagemagick imagemagick/7.0.0-0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- package-manager/redhat
- package-manager/debian