Debian 9: DLA-2672-1 Critical Imagemagick Undefined Behavior Advisory
debian lts
June 3, 2021
Multiple security issues have been discovered in imagemagick
Summary
CVE-2020-27751
A flaw was found in MagickCore/quantum-export.c. An attacker who submits a
crafted file that is processed by ImageMagick could trigger undefined behavior
in the form of values outside the range of type
`unsigned long long` as well as a shift exponent that is too large for
64-bit type. This would most likely lead to an impact to application availability,
but could potentially cause other problems related to undefined behavior.
CVE-2021-20243
A flaw was found in MagickCore/resize.c. An attacker who submits a crafted
file that is processed by ImageMagick could trigger undefined behavior
in the form of math division by zero.
CVE-2021-20245
A flaw was found in coders/webp.c. An attacker who submits a crafted file that
is processed by ImageMagick could trigger undefined behavior in the form of
math division by zero.
CVE-2021-20309
A division by zero in WaveImage() of MagickCore/visual-effects.c may trigger
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: imagemagick
Version: 8:6.9.7.4+dfsg-11+deb9u13
CVE ID: CVE-2020-27751 CVE-2021-20243 CVE-2021-20245 CVE-2021-20309
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!