Security Flaw in ImageMagick Affecting Multiple Versions
CVE-2020-27766

7.8HIGH

Key Information:

Vendor

Imagemagick
Status
Imagemagick
Vendor
CVE Published:
4 December 2020

What is CVE-2020-27766?

A security flaw exists in ImageMagick's MagickCore/statistic.c that allows attackers to exploit crafted files. This flaw can lead to undefined behavior, potentially affecting application stability. Specifically, the issue arises due to values falling outside the limits of the 'unsigned long' type, which could disrupt normal operations or lead to unexpected system behavior. This vulnerability affects all ImageMagick versions prior to 7.0.8-69, necessitating immediate attention and patching.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ImageMagick ImageMagick 7.0.8-69

References

https://bugzilla.redhat.com/show_bug.cgi?id=1894686
https://lists.debian.org/debian-lts-announce/2021/03/msg0...
mailing-list
https://lists.debian.org/debian-lts-announce/2023/03/msg0...
mailing-list

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.