UBUNTU-CVE-2020-27754
- Source
- https://ubuntu.com/security/CVE-2020-27754
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-27754.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-27754
- Upstream
- Downstream
- Related
- Published
- 2020-12-08T22:15:00Z
- Modified
- 2026-04-22T12:37:56.194973Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/ubuntu/imagemagick@8:6.8.9.9-7ubuntu5.16+esm11?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8:6.8.9.9-7ubuntu5.16+esm11
Affected versions
8:6.*
8:6.8.9.9-5ubuntu2
8:6.8.9.9-6
8:6.8.9.9-6build1
8:6.8.9.9-7
8:6.8.9.9-7ubuntu1
8:6.8.9.9-7ubuntu2
8:6.8.9.9-7ubuntu3
8:6.8.9.9-7ubuntu4
8:6.8.9.9-7ubuntu5
8:6.8.9.9-7ubuntu5.1
8:6.8.9.9-7ubuntu5.2
8:6.8.9.9-7ubuntu5.3
8:6.8.9.9-7ubuntu5.4
8:6.8.9.9-7ubuntu5.5
8:6.8.9.9-7ubuntu5.6
8:6.8.9.9-7ubuntu5.7
8:6.8.9.9-7ubuntu5.8
8:6.8.9.9-7ubuntu5.9
8:6.8.9.9-7ubuntu5.11
8:6.8.9.9-7ubuntu5.12
8:6.8.9.9-7ubuntu5.13
8:6.8.9.9-7ubuntu5.14
8:6.8.9.9-7ubuntu5.15
8:6.8.9.9-7ubuntu5.16
8:6.8.9.9-7ubuntu5.16+esm1
8:6.8.9.9-7ubuntu5.16+esm2
8:6.8.9.9-7ubuntu5.16+esm3
8:6.8.9.9-7ubuntu5.16+esm4
8:6.8.9.9-7ubuntu5.16+esm5
8:6.8.9.9-7ubuntu5.16+esm6
8:6.8.9.9-7ubuntu5.16+esm7
8:6.8.9.9-7ubuntu5.16+esm8
8:6.8.9.9-7ubuntu5.16+esm9
8:6.8.9.9-7ubuntu5.16+esm10
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "libmagick++-6.q16-5v5",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "libmagickcore-6.q16-2",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "libmagickcore-6.q16-2-extra",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "libmagickwand-6.q16-2",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm11"
}
]
}
Ubuntu:18.04:LTS / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/ubuntu/imagemagick@8:6.9.7.4+dfsg-16ubuntu6.11?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8:6.9.7.4+dfsg-16ubuntu6.11
Affected versions
8:6.*
8:6.9.7.4+dfsg-16ubuntu2
8:6.9.7.4+dfsg-16ubuntu3
8:6.9.7.4+dfsg-16ubuntu4
8:6.9.7.4+dfsg-16ubuntu5
8:6.9.7.4+dfsg-16ubuntu6
8:6.9.7.4+dfsg-16ubuntu6.2
8:6.9.7.4+dfsg-16ubuntu6.3
8:6.9.7.4+dfsg-16ubuntu6.4
8:6.9.7.4+dfsg-16ubuntu6.7
8:6.9.7.4+dfsg-16ubuntu6.8
8:6.9.7.4+dfsg-16ubuntu6.9
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "imagemagick-6-common",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "imagemagick-6.q16hdri",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libimage-magick-q16hdri-perl",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagick++-6.q16-7",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagick++-6.q16hdri-7",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagickcore-6.q16-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagickcore-6.q16-3-extra",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagickcore-6.q16hdri-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagickcore-6.q16hdri-3-extra",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagickwand-6.q16-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "libmagickwand-6.q16hdri-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.11"
}
]
}
Ubuntu:20.04:LTS / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/ubuntu/imagemagick@8:6.9.10.23+dfsg-2.1ubuntu11.4?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8:6.9.10.23+dfsg-2.1ubuntu11.4
Affected versions
8:6.*
8:6.9.10.23+dfsg-2.1ubuntu3
8:6.9.10.23+dfsg-2.1ubuntu8
8:6.9.10.23+dfsg-2.1ubuntu9
8:6.9.10.23+dfsg-2.1ubuntu10
8:6.9.10.23+dfsg-2.1ubuntu11
8:6.9.10.23+dfsg-2.1ubuntu11.1
8:6.9.10.23+dfsg-2.1ubuntu11.2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "imagemagick-6-common",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "imagemagick-6.q16hdri",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libimage-magick-q16hdri-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagick++-6.q16-8",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagick++-6.q16hdri-8",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagickcore-6.q16-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagickcore-6.q16-6-extra",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagickcore-6.q16hdri-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagickcore-6.q16hdri-6-extra",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagickwand-6.q16-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "libmagickwand-6.q16hdri-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4"
}
]
}