CVE-2020-27758 - Vulnerability Details - OpenCVE

A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Imagemagick	Imagemagick

Configuration 1 [-]

OR	cpe:2.3:a:imagemagick:imagemagick::::::::
	cpe:2.3:a:imagemagick:imagemagick::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1894236
https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
https://nvd.nist.gov/vuln/detail/CVE-2020-27758
https://www.cve.org/CVERecord?id=CVE-2020-27758

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-12-08T00:00:00

Updated: 2024-08-04T16:18:45.841Z

Reserved: 2020-10-27T00:00:00

Link: CVE-2020-27758

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-08T22:15:18.507

Modified: 2024-11-21T05:21:46.530

Link: CVE-2020-27758

Redhat

Severity : Low

Publid Date: 2019-10-05T00:00:00Z

Links: CVE-2020-27758 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-27758", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T16:18:45.841Z", "dateReserved": "2020-10-27T00:00:00", "datePublished": "2020-12-08T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-03-11T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68."}], "affected": [{"vendor": "n/a", "product": "ImageMagick", "versions": [{"version": "prior to 7.0.8-68", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894236"}, {"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"}, {"name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-190", "cweId": "CWE-190"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:18:45.841Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894236", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"}, {"name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "20A931B8-59F9-492E-B03E-8A5422699FB7", "versionEndExcluding": "6.9.10-68", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "F492CAFD-C9C0-44DD-9000-ABC7796FE284", "versionEndExcluding": "7.0.8-68", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68."}, {"lang": "es", "value": "Se encontr\u00f3 uno fallo en ImageMagick en el archivo coders/txt.c. Un atacante que env\u00eda un archivo dise\u00f1ado que es procesado por ImageMagick podr\u00eda desencadenar un comportamiento indefinido en forma de valores fuera del rango de tipo \"unsigned long long\". Esto conllevar\u00eda potencialmente a un impacto en la disponibilidad de la aplicaci\u00f3n, pero podr\u00eda causar otros problemas relacionados con un comportamiento indefinido. Este fallo afecta a ImageMagick versiones anteriores a 7.0.8-68"}], "id": "CVE-2020-27758", "lastModified": "2024-11-21T05:21:46.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2020-12-08T22:15:18.507", "references": [{"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894236"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"}, {"source": "[email protected]", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894236"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "[email protected]", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Suhwan Song (Seoul National University) for reporting this issue.", "bugzilla": {"description": "ImageMagick: outside the range of representable values of type 'unsigned long long' at coders/txt.c", "id": "1894236", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894236"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.", "A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior."], "name": "CVE-2020-27758", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "inkscape", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2019-10-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-27758\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27758"], "statement": "This flaw is out of support scope for Red Hat Enterprise Linux 5, 6, and 7. Inkscape is not affected because it no longer uses a bundled ImageMagick in Red Hat Enterprise Linux 8. For more information regarding support scopes, please see https://access.redhat.com/support/policy/updates/errata .", "threat_severity": "Low", "upstream_fix": "ImageMagick 7.0.8-68"}