CVE-2020-27759

Published: 3 December 2020

In IntensityCompare() of /MagickCore/quantize.c, a double value was being cast to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because, although it could potentially lead to an impact on application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.
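
The pattern described above, as an added C illustration (constructed here, not ImageMagick's source or its upstream patch; the `Entry` type and all function names are hypothetical). It contrasts a comparator that casts a double difference to int with a three-way comparison that never converts the difference.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a colormap entry; not ImageMagick's type. */
typedef struct { double intensity; } Entry;

/* Pattern from the advisory text: a double difference cast to int.
   If the difference is outside the range of int (or NaN), the
   conversion is undefined behaviour in C. */
int compare_cast(const void *x, const void *y)
{
  const Entry *a = x, *b = y;
  return (int) (a->intensity - b->intensity);
}

/* 1 if converting d to int would be out of range or d is NaN. */
int cast_out_of_range(double d)
{
  return !(d > (double) INT_MIN - 1.0 && d < (double) INT_MAX + 1.0);
}

/* Hardened form: three-way comparison, yields only -1, 0 or 1. */
int compare_safe(const void *x, const void *y)
{
  const Entry *a = x, *b = y;
  return (a->intensity > b->intensity) - (a->intensity < b->intensity);
}

void sort_entries(Entry *e, size_t n)
{
  qsort(e, n, sizeof *e, compare_safe);
}

int main(void)
{
  /* Constructed sample values, chosen so the difference exceeds INT_MAX. */
  Entry e[] = { {1e300}, {-1e300}, {0.5} };
  double diff = e[0].intensity - e[1].intensity;
  size_t i;

  printf("difference %g out of int range: %d\n", diff, cast_out_of_range(diff));
  sort_entries(e, sizeof e / sizeof e[0]);
  for (i = 0; i < sizeof e / sizeof e[0]; i++)
    printf("%g\n", e[i].intensity);
  return 0;
}
```

Building the cast variant with `-fsanitize=float-cast-overflow` (Clang or GCC) reports the out-of-range conversion at run time.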

Priority

Low

CVSS 3 Severity Score

3.3

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
impish    Not vulnerable (8:6.9.11.60+dfsg-1ubuntu1)
hirsute   Not vulnerable (8:6.9.11.60+dfsg-1ubuntu1)
xenial    Needed
kinetic   Not vulnerable (8:6.9.11.60+dfsg-1ubuntu1)
bionic    Released (8:6.9.7.4+dfsg-16ubuntu6.11)
focal     Released (8:6.9.10.23+dfsg-2.1ubuntu11.4)
groovy    Released (8:6.9.10.23+dfsg-2.1ubuntu13.3)
jammy     Not vulnerable (8:6.9.11.60+dfsg-1ubuntu1)
lunar     Not vulnerable (8:6.9.11.60+dfsg-1ubuntu1)
trusty    Needed
upstream  Released (8:6.9.11.24+dfsg-1)
mantic    Not vulnerable (8:6.9.11.60+dfsg-1ubuntu1)
Patches:
upstream: https://github.com/ImageMagick/ImageMagick6/commit/460dea07066e2001bc4671fcd8d53233f0fc29b3

Severity score breakdown

Parameter Value
Base score 3.3
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact Low
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L