First published: Mon Nov 16 2020
In ImageMagick, there is a value outside the range of representable values of type 'unsigned char' at coders/pdf.c.
Reference: https://github.com/ImageMagick/ImageMagick/issues/1753
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/872ffe6d0131beec8b47568a4874ffaca91a872e https://github.com/ImageMagick/ImageMagick/commit/9dd1c7e1f8f6c137bfd3293be2554f59456c7b62
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | <6.9.10-69 | |
ImageMagick ImageMagick | >=7.0.0-0<7.0.9 | |
Redhat Enterprise Linux | =5.0 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Debian Debian Linux | =9.0 | |
redhat/ImageMagick 7.0.9 | <0 | 0 |
debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.13.12+dfsg1-1 8:7.1.1.39+dfsg1-2 |
CVE-2020-27771 is a vulnerability in the ImageMagick package that allows values outside the range representable by the unsigned char type.
The severity of CVE-2020-27771 is medium with a severity value of 3.3.
CVE-2020-27771 affects ImageMagick versions 6.9.10.23+dfsg-2.1ubuntu11.4, 6.9.10.23+dfsg-2.1ubuntu13.3, 6.9.11.24+dfsg-1, 6.9.7.4+dfsg-16ubuntu6.11, and 6.9.10.23+dfsg-2.1+deb10u5.
The fix for CVE-2020-27771 is to update to ImageMagick version 6.9.10.23+dfsg-2.1ubuntu11.4, 6.9.10.23+dfsg-2.1ubuntu13.3, 6.9.11.24+dfsg-1, 6.9.7.4+dfsg-16ubuntu6.11, or 6.9.10.23+dfsg-2.1+deb10u5.
More information about CVE-2020-27771 can be found on MITRE's CVE website, the Ubuntu Security Notices, and the NIST NVD website.