CVE-2020-27757

CVE-2020-27757 : In ImageMagick, a floating-point calculation in ScaleAnyToQuantum() (MagickCore/quantum-private.h) can overflow the range of unsigned long long, causing undefined behavior when processing crafted input files. Affected: ImageMagick versions prior to 7.0.8-68. Root cause: floating-...

CVE-2020-27756

CVE-2020-27756 is a vulnerability in ImageMagick where ParseMetaGeometry() in MagickCore/geometry.c can trigger a divide-by-zero, causing undefined behavior. It affects ImageMagick versions before 7.0.9-0. The patch adds multiplication alongside PerceptibleReciprocal() to prevent the division by ...

Imagemagick Studio ImageMagick 数字错误漏洞

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in MagickCore versions prior to 7.0.8-68, which stems...

CVE-2020-27751

A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long as well as a shift exponent that is too large for 64-bit type...

CVE-2020-25676

In CatromWeights, MeshInterpolate, InterpolatePixelChannel, InterpolatePixelChannels, and InterpolatePixelInfo, which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor function. These calculations produced...

CVE-2020-25675

In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a...

ImageMagick Studio ImageMagick and Sanitize Input Validation Error Vulnerability

Imagemagick Studio ImageMagick is a suite of open source image processing software from Imagemagick Studio, USA. The software can read, convert, or write images in a variety of formats.Sanitize is an HTML and CSS cleaner by Ryan Grove, an individual developer in the United States, which supports...

ImageMagick Studio ImageMagick 输入验证错误漏洞

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in ImageMagick versions prior to 7.0.9-0, which stems...

ImageMagick Studio ImageMagick 输入验证错误漏洞

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in ImageMagick versions prior to 7.0.8-68, which stem...

CVE-2020-27757

A floating point math calculation in ScaleAnyToQuantum of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by...

CVE-2020-25675

CVE-2020-25675 : ImageMagick’s CropImage() and CropImageToTiles() perform rounding on unconstrained pixel offsets, causing undefined behavior via integer overflow/out-of-range values when processing untrusted input. The upstream patch constrains pixel offsets to prevent these issues. Affected: Im...

CVE-2020-27751

ImageMagick vulnerability CVE-2020-27751 affects MagickCore/quantum-export.c. Processing a crafted file can trigger undefined behavior: values outside the range of unsigned long long and a shift exponent too large for 64-bit, with the likely impact on availability. Affected are ImageMagick versio...

ImageMagick Studio ImageMagick 输入验证错误漏洞

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in versions of ImageMagick prior to 7.0.9-0, which...

CVE-2020-27750

A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char and math division by zero. This would...

CVE-2020-27758

A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long. This would most likely lead to an impact to application availability, but...

CVE-2020-27758

CVE-2020-27758 : A flaw in ImageMagick (coders/txt.c) allows an attacker to submit a crafted file that ImageMagick processes, triggering undefined behavior outside the range of unsigned long long and likely impacting availability. Affected: ImageMagick versions prior to 7.0.8-68. This vulnerabili...

CVE-2020-27750

CVE-2020-27750 affects ImageMagick between MagickCore components colorspace-private.h and quantum.h. A crafted file processed by ImageMagick could trigger undefined behavior due to values outside the range of unsigned char and possible division by zero, with the impact primarily on availability. ...

CVE-2020-27758

A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long. This would most likely lead to an impact to application availability, but...

CVE-2020-27750

A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char and math division by zero. This would...

CVE-2020-27751

A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long as well as a shift exponent that is too large for 64-bit type...