UBUNTU-CVE-2020-27752

Source
https://ubuntu.com/security/CVE-2020-27752
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-27752.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-27752
Published
2020-12-08T22:15:00Z
Modified
2024-12-18T16:33:36Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Summary
[none]
Details

A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.

Affected packages

Ubuntu:Pro:14.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

8:6.*

8:6.7.7.10-5ubuntu3
8:6.7.7.10-5ubuntu4
8:6.7.7.10-6ubuntu1
8:6.7.7.10-6ubuntu2
8:6.7.7.10-6ubuntu3
8:6.7.7.10-6ubuntu3.1
8:6.7.7.10-6ubuntu3.2
8:6.7.7.10-6ubuntu3.3
8:6.7.7.10-6ubuntu3.4
8:6.7.7.10-6ubuntu3.5
8:6.7.7.10-6ubuntu3.6
8:6.7.7.10-6ubuntu3.7
8:6.7.7.10-6ubuntu3.8
8:6.7.7.10-6ubuntu3.9
8:6.7.7.10-6ubuntu3.11
8:6.7.7.10-6ubuntu3.12
8:6.7.7.10-6ubuntu3.13
8:6.7.7.10-6ubuntu3.13+esm1
8:6.7.7.10-6ubuntu3.13+esm2
8:6.7.7.10-6ubuntu3.13+esm3
8:6.7.7.10-6ubuntu3.13+esm4
8:6.7.7.10-6ubuntu3.13+esm5
8:6.7.7.10-6ubuntu3.13+esm6
8:6.7.7.10-6ubuntu3.13+esm7
8:6.7.7.10-6ubuntu3.13+esm8
8:6.7.7.10-6ubuntu3.13+esm9
8:6.7.7.10-6ubuntu3.13+esm10
8:6.7.7.10-6ubuntu3.13+esm11
8:6.7.7.10-6ubuntu3.13+esm12

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

8:6.*

8:6.8.9.9-5ubuntu2
8:6.8.9.9-6
8:6.8.9.9-6build1
8:6.8.9.9-7
8:6.8.9.9-7ubuntu1
8:6.8.9.9-7ubuntu2
8:6.8.9.9-7ubuntu3
8:6.8.9.9-7ubuntu4
8:6.8.9.9-7ubuntu5
8:6.8.9.9-7ubuntu5.1
8:6.8.9.9-7ubuntu5.2
8:6.8.9.9-7ubuntu5.3
8:6.8.9.9-7ubuntu5.4
8:6.8.9.9-7ubuntu5.5
8:6.8.9.9-7ubuntu5.6
8:6.8.9.9-7ubuntu5.7
8:6.8.9.9-7ubuntu5.8
8:6.8.9.9-7ubuntu5.9
8:6.8.9.9-7ubuntu5.11
8:6.8.9.9-7ubuntu5.12
8:6.8.9.9-7ubuntu5.13
8:6.8.9.9-7ubuntu5.14
8:6.8.9.9-7ubuntu5.15
8:6.8.9.9-7ubuntu5.16
8:6.8.9.9-7ubuntu5.16+esm1
8:6.8.9.9-7ubuntu5.16+esm2
8:6.8.9.9-7ubuntu5.16+esm3
8:6.8.9.9-7ubuntu5.16+esm4
8:6.8.9.9-7ubuntu5.16+esm5
8:6.8.9.9-7ubuntu5.16+esm6
8:6.8.9.9-7ubuntu5.16+esm7
8:6.8.9.9-7ubuntu5.16+esm8
8:6.8.9.9-7ubuntu5.16+esm9
8:6.8.9.9-7ubuntu5.16+esm10
8:6.8.9.9-7ubuntu5.16+esm11

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

8:6.*

8:6.9.7.4+dfsg-16ubuntu2
8:6.9.7.4+dfsg-16ubuntu3
8:6.9.7.4+dfsg-16ubuntu4
8:6.9.7.4+dfsg-16ubuntu5
8:6.9.7.4+dfsg-16ubuntu6
8:6.9.7.4+dfsg-16ubuntu6.2
8:6.9.7.4+dfsg-16ubuntu6.3
8:6.9.7.4+dfsg-16ubuntu6.4
8:6.9.7.4+dfsg-16ubuntu6.7
8:6.9.7.4+dfsg-16ubuntu6.8
8:6.9.7.4+dfsg-16ubuntu6.9
8:6.9.7.4+dfsg-16ubuntu6.11
8:6.9.7.4+dfsg-16ubuntu6.12
8:6.9.7.4+dfsg-16ubuntu6.13
8:6.9.7.4+dfsg-16ubuntu6.14
8:6.9.7.4+dfsg-16ubuntu6.15
8:6.9.7.4+dfsg-16ubuntu6.15+esm1
8:6.9.7.4+dfsg-16ubuntu6.15+esm2
8:6.9.7.4+dfsg-16ubuntu6.15+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

8:6.*

8:6.9.10.23+dfsg-2.1ubuntu3
8:6.9.10.23+dfsg-2.1ubuntu8
8:6.9.10.23+dfsg-2.1ubuntu9
8:6.9.10.23+dfsg-2.1ubuntu10
8:6.9.10.23+dfsg-2.1ubuntu11
8:6.9.10.23+dfsg-2.1ubuntu11.1
8:6.9.10.23+dfsg-2.1ubuntu11.2
8:6.9.10.23+dfsg-2.1ubuntu11.4
8:6.9.10.23+dfsg-2.1ubuntu11.5
8:6.9.10.23+dfsg-2.1ubuntu11.6
8:6.9.10.23+dfsg-2.1ubuntu11.7
8:6.9.10.23+dfsg-2.1ubuntu11.9
8:6.9.10.23+dfsg-2.1ubuntu11.10

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8:6.9.11.60+dfsg-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "imagemagick"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "imagemagick-6-common"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "imagemagick-6-doc"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "imagemagick-6.q16"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "imagemagick-6.q16-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "imagemagick-6.q16hdri"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "imagemagick-6.q16hdri-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "imagemagick-common"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "imagemagick-doc"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libimage-magick-perl"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libimage-magick-q16-perl"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libimage-magick-q16-perl-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libimage-magick-q16hdri-perl"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libimage-magick-q16hdri-perl-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagick++-6-headers"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagick++-6.q16-8"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagick++-6.q16-8-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagick++-6.q16-dev"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagick++-6.q16hdri-8"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagick++-6.q16hdri-8-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagick++-6.q16hdri-dev"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagick++-dev"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6-arch-config"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6-headers"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6.q16-6"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6.q16-6-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6.q16-6-extra"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6.q16-6-extra-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6.q16-dev"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6.q16hdri-6"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6.q16hdri-6-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6.q16hdri-6-extra"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6.q16hdri-6-extra-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-6.q16hdri-dev"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickcore-dev"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickwand-6-headers"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickwand-6.q16-6"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickwand-6.q16-6-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickwand-6.q16-dev"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickwand-6.q16hdri-6"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickwand-6.q16hdri-6-dbgsym"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickwand-6.q16hdri-dev"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "libmagickwand-dev"
        },
        {
            "binary_version": "8:6.9.11.60+dfsg-1ubuntu1",
            "binary_name": "perlmagick"
        }
    ]
}