PublicDateAtUSN: 2020-12-03 17:15:00 UTC
Candidate: CVE-2020-27764
PublicDate: 2020-12-03 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27764
 https://ubuntu.com/security/notices/USN-4988-1
Description:
 In /MagickCore/statistic.c, there are several areas in
 ApplyEvaluateOperator() where a size_t cast should have been a ssize_t
 cast, which causes out-of-range values under some circumstances when a
 crafted input file is processed by ImageMagick. Red Hat Product Security
 marked this as Low severity because although it could potentially lead to
 an impact to application availability, no specific impact was shown in this
 case. This flaw affects ImageMagick versions prior to 6.9.10-69.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/ImageMagick/ImageMagick/issues/1735
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L [3.3 LOW]


Patches_imagemagick:
 upstream: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5
upstream_imagemagick: released (8:6.9.11.24+dfsg-1)
precise/esm_imagemagick: DNE
trusty_imagemagick: ignored (out of standard support)
trusty/esm_imagemagick: DNE
xenial_imagemagick: ignored (end of standard support, was needs-triage)
esm-infra/xenial_imagemagick: needs-triage
bionic_imagemagick: released (8:6.9.7.4+dfsg-16ubuntu6.11)
focal_imagemagick: released (8:6.9.10.23+dfsg-2.1ubuntu11.4)
groovy_imagemagick: released (8:6.9.10.23+dfsg-2.1ubuntu13.3)
hirsute_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
impish_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
jammy_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
devel_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)