CVE-2020-27755 - OpenCVE

in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Imagemagick	Imagemagick

Configuration 1 [-]

OR	cpe:2.3:a:imagemagick:imagemagick::::::::
	cpe:2.3:a:imagemagick:imagemagick::::::::

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1894232	Exploit Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-12-08T21:57:25

Updated: 2020-12-08T21:57:25

Reserved: 2020-10-27T00:00:00

Link: CVE-2020-27755

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-12-08T22:15:18.290

Modified: 2021-06-02T19:24:46.897

Link: CVE-2020-27755

JSON object: View

Redhat Information

No data.

CWE

CWE-401

{"containers": {"cna": {"affected": [{"product": "ImageMagick", "vendor": "n/a", "versions": [{"status": "affected", "version": "prior to 7.0.9-0"}]}], "descriptions": [{"lang": "en", "value": "in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "CWE-401", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-08T21:57:25", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894232"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-27755", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ImageMagick", "version": {"version_data": [{"version_value": "prior to 7.0.9-0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-401"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894232", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894232"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-27755", "datePublished": "2020-12-08T21:57:25", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2020-12-08T21:57:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DA39290-2761-4869-AC2B-A251A33AEA75", "versionEndExcluding": "6.9.10-69", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "010CA5D7-72FB-40D2-B832-30482C376823", "versionEndExcluding": "7.0.9-0", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0."}, {"lang": "es", "value": "En la funci\u00f3n SetImageExtent() del archivo /MagickCore/image.c, un tama\u00f1o de profundidad de imagen incorrecto puede causar una p\u00e9rdida de memoria porque el c\u00f3digo que verifica el tama\u00f1o de profundidad de imagen apropiado no restablece el tama\u00f1o en caso de que haya un tama\u00f1o no v\u00e1lido. El parche restablece la profundidad a un tama\u00f1o apropiado antes de lanzar una excepci\u00f3n. La p\u00e9rdida de memoria puede ser desencadenada por un archivo de entrada dise\u00f1ado que es procesado por ImageMagick y podr\u00eda causar un impacto en la confiabilidad de la aplicaci\u00f3n, como una denegaci\u00f3n de servicio. Este fallo afecta a ImageMagick versiones anteriores a 7.0.9-0"}], "id": "CVE-2020-27755", "lastModified": "2021-06-02T19:24:46.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-08T22:15:18.290", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894232"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "secalert@redhat.com", "type": "Primary"}]}