CVE-2020-27757

Updated: 2024-11-23 03:27:11.566054

Description:

A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

Version           Severity  Score
CVSS Version 2.x  MEDIUM    4.3
CVSS Version 3.x  LOW       3.3

Status

OS name           Project name  Version    Score  Severity  Status         Errata                Last updated
CentOS 6 ELS      imagemagick   6.7.2.7    3.3    LOW       Released       CLSA-2024:1731956848  2024-11-29 12:04:16
CentOS 7 ELS      imagemagick   6.9.10.68  3.3    LOW       Already Fixed                        2024-11-11 13:28:42
Ubuntu 16.04 ELS  imagemagick   6.8.9.9-7  3.3    LOW       Released       CLSA-2024:1731523487  2024-11-13 16:35:17
Ubuntu 18.04 ELS  imagemagick   6.9.7.4    3.3    LOW       Already Fixed                        2024-11-11 13:28:42