First published: Wed Nov 04 2020
In ImageMagick versions before 7.0.9-0, values outside the range of representable values of type 'float' can occur at MagickCore/quantize.c.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | <7.0.9-0 | |
Redhat Enterprise Linux Desktop | =5.0 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Fedoraproject Fedora | =33 | |
ubuntu/imagemagick | <8:6.9.7.4+dfsg-16ubuntu6.11 | 8:6.9.7.4+dfsg-16ubuntu6.11 |
ubuntu/imagemagick | <8:6.9.10.23+dfsg-2.1ubuntu11.4 | 8:6.9.10.23+dfsg-2.1ubuntu11.4 |
ubuntu/imagemagick | <8:6.9.10.23+dfsg-2.1ubuntu13.3 | 8:6.9.10.23+dfsg-2.1ubuntu13.3 |
ubuntu/imagemagick | <8:6.9.11.24+dfsg-1 | 8:6.9.11.24+dfsg-1 |
redhat/ImageMagick | <7.0.9-0 | 7.0.9-0 |
debian/imagemagick | <=8:6.9.10.23+dfsg-2.1+deb10u1 | 8:6.9.10.23+dfsg-2.1+deb10u7 8:6.9.11.60+dfsg-1.3+deb11u2 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.12.98+dfsg1-5 8:6.9.12.98+dfsg1-5.2 |
CVE-2020-27769 is a vulnerability in ImageMagick versions before 7.0.9-0 in which values outside the range representable by type 'float' can occur at MagickCore/quantize.c.
The severity of CVE-2020-27769 is medium with a severity value of 3.3.
ImageMagick versions before 7.0.9-0 are affected by CVE-2020-27769.
To fix CVE-2020-27769, upgrade ImageMagick to version 7.0.9-0 or later.
More information about CVE-2020-27769 can be found on MITRE's CVE website, the ImageMagick GitHub repository, and the Ubuntu security notices page.