First published: Mon Nov 16 2020(Updated: )
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | <6.9.10-69 | |
ImageMagick ImageMagick | >=7.0.0-0<7.0.9 | |
Redhat Enterprise Linux | =5.0 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Debian Debian Linux | =9.0 | |
redhat/ImageMagick 7.0.9 | <0 | 0 |
debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-27772 is a vulnerability found in ImageMagick in coders/bmp.c.
The severity of CVE-2020-27772 is medium, with a severity value of 3.3.
CVE-2020-27772 can lead to an impact on application availability.
To fix CVE-2020-27772, update ImageMagick to version 8:6.9.10.23+dfsg-2.1ubuntu13.3.
You can find more information about CVE-2020-27772 at the following references: CVE-2020-27772, Ubuntu Security Notice USN-4988-1, and NIST NVD CVE-2020-27772.