QwikSec

Security Database

CVE

CWE

Training

CVE-2020-27760

Published: Dec 3, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.

Vendor	Product	Versions
n/a	ImageMagick	affected `ImageMagick 7.0.8-68`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1894239

[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update

mailing-list

[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.