PublicDateAtUSN: 2020-12-04 15:15:00 UTC
Candidate: CVE-2020-27765
PublicDate: 2020-12-04 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27765
 https://ubuntu.com/security/notices/USN-4988-1
Description:
 A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who
 submits a crafted file that is processed by ImageMagick could trigger
 undefined behavior in the form of math division by zero. This would most
 likely lead to an impact to application availability, but could potentially
 cause other problems related to undefined behavior. This flaw affects
 ImageMagick versions prior to 7.0.9-0.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/ImageMagick/ImageMagick/issues/1730
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L [3.3 LOW]


Patches_imagemagick:
 upstream: https://github.com/ImageMagick/ImageMagick6/commit/4321934be544bc2888c6799fd6b50d8188a3d832
upstream_imagemagick: released (8:6.9.11.24+dfsg-1)
precise/esm_imagemagick: DNE
trusty_imagemagick: ignored (out of standard support)
trusty/esm_imagemagick: DNE
xenial_imagemagick: ignored (end of standard support, was needs-triage)
esm-infra/xenial_imagemagick: needs-triage
bionic_imagemagick: released (8:6.9.7.4+dfsg-16ubuntu6.11)
focal_imagemagick: released (8:6.9.10.23+dfsg-2.1ubuntu11.4)
groovy_imagemagick: released (8:6.9.10.23+dfsg-2.1ubuntu13.3)
hirsute_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
impish_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
jammy_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
devel_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)