PublicDateAtUSN: 2020-12-04 21:15:00 UTC
Candidate: CVE-2020-27776
PublicDate: 2020-12-04 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27776
 https://ubuntu.com/security/notices/USN-4988-1
Description:
 A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who
 submits a crafted file that is processed by ImageMagick could trigger
 undefined behavior in the form of values outside the range of type unsigned
 long. This would most likely lead to an impact to application availability,
 but could potentially cause other problems related to undefined behavior.
 This flaw affects ImageMagick versions prior to 7.0.9-0.
Ubuntu-Description:
Notes:
 mdeslaur> same fix as CVE-2020-27764
Mitigation:
Bugs:
 https://github.com/ImageMagick/ImageMagick/issues/1736
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L [3.3 LOW]


Patches_imagemagick:
 upstream: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5
upstream_imagemagick: released (8:6.9.11.24+dfsg-1)
precise/esm_imagemagick: DNE
trusty_imagemagick: ignored (out of standard support)
trusty/esm_imagemagick: DNE
xenial_imagemagick: ignored (end of standard support, was needs-triage)
esm-infra/xenial_imagemagick: needs-triage
bionic_imagemagick: released (8:6.9.7.4+dfsg-16ubuntu6.11)
focal_imagemagick: released (8:6.9.10.23+dfsg-2.1ubuntu11.4)
groovy_imagemagick: released (8:6.9.10.23+dfsg-2.1ubuntu13.3)
hirsute_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
impish_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
jammy_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)
devel_imagemagick: not-affected (8:6.9.11.60+dfsg-1ubuntu1)