DEBIAN-CVE-2020-27753
- Source
- https://security-tracker.debian.org/tracker/CVE-2020-27753
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-27753.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-27753
- Upstream
- Published
- 2020-12-08T22:15:18Z
- Modified
- 2025-09-25T22:40:46Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in
AcquireMagickMemory()because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed toAcquireMagickMemory(). This flaw affects ImageMagick versions prior to 7.0.9-0. - References
Affected packages
Debian:11 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:12 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:13 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:14 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source