Vulnerability Description
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagemagick | Imagemagick | < 6.9.10-69 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1894679Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1894679Issue TrackingPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
FAQ
What is CVE-2020-27761?
CVE-2020-27761 is a vulnerability with a CVSS score of 3.3 (LOW). WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a craf...
How severe is CVE-2020-27761?
CVE-2020-27761 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27761?
Check the references section above for vendor advisories and patch information. Affected products include: Imagemagick Imagemagick, Debian Debian Linux.