Vulnerability Description
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagemagick | Imagemagick | < 6.9.10-68 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1894234ExploitIssue TrackingPatch
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1894234ExploitIssue TrackingPatch
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
FAQ
What is CVE-2020-27757?
CVE-2020-27757 is a vulnerability with a CVSS score of 3.3 (LOW). A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw...
How severe is CVE-2020-27757?
CVE-2020-27757 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27757?
Check the references section above for vendor advisories and patch information. Affected products include: Imagemagick Imagemagick, Debian Debian Linux.