UBUNTU-CVE-2020-27752

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2020-27752

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-27752.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-27752

Related

CVE-2020-27752

Published

2020-12-08T22:15:00Z

Modified

2020-12-08T22:15:00Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.

References

Affected packages

Ubuntu:Pro:14.04:LTS / imagemagick

Package

Name: imagemagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.7.7.10-5ubuntu3

8:6.7.7.10-5ubuntu4

8:6.7.7.10-6ubuntu1

8:6.7.7.10-6ubuntu2

8:6.7.7.10-6ubuntu3

8:6.7.7.10-6ubuntu3.1

8:6.7.7.10-6ubuntu3.2

8:6.7.7.10-6ubuntu3.3

8:6.7.7.10-6ubuntu3.4

8:6.7.7.10-6ubuntu3.5

8:6.7.7.10-6ubuntu3.6

8:6.7.7.10-6ubuntu3.7

8:6.7.7.10-6ubuntu3.8

8:6.7.7.10-6ubuntu3.9

8:6.7.7.10-6ubuntu3.11

8:6.7.7.10-6ubuntu3.12

8:6.7.7.10-6ubuntu3.13

8:6.7.7.10-6ubuntu3.13+esm1

8:6.7.7.10-6ubuntu3.13+esm2

8:6.7.7.10-6ubuntu3.13+esm3

8:6.7.7.10-6ubuntu3.13+esm4

8:6.7.7.10-6ubuntu3.13+esm5

8:6.7.7.10-6ubuntu3.13+esm6

8:6.7.7.10-6ubuntu3.13+esm7

8:6.7.7.10-6ubuntu3.13+esm8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / imagemagick

Package

Name: imagemagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.8.9.9-5ubuntu2

8:6.8.9.9-6

8:6.8.9.9-6build1

8:6.8.9.9-7

8:6.8.9.9-7ubuntu1

8:6.8.9.9-7ubuntu2

8:6.8.9.9-7ubuntu3

8:6.8.9.9-7ubuntu4

8:6.8.9.9-7ubuntu5

8:6.8.9.9-7ubuntu5.1

8:6.8.9.9-7ubuntu5.2

8:6.8.9.9-7ubuntu5.3

8:6.8.9.9-7ubuntu5.4

8:6.8.9.9-7ubuntu5.5

8:6.8.9.9-7ubuntu5.6

8:6.8.9.9-7ubuntu5.7

8:6.8.9.9-7ubuntu5.8

8:6.8.9.9-7ubuntu5.9

8:6.8.9.9-7ubuntu5.11

8:6.8.9.9-7ubuntu5.12

8:6.8.9.9-7ubuntu5.13

8:6.8.9.9-7ubuntu5.14

8:6.8.9.9-7ubuntu5.15

8:6.8.9.9-7ubuntu5.16

8:6.8.9.9-7ubuntu5.16+esm1

8:6.8.9.9-7ubuntu5.16+esm2

8:6.8.9.9-7ubuntu5.16+esm3

8:6.8.9.9-7ubuntu5.16+esm4

8:6.8.9.9-7ubuntu5.16+esm5

8:6.8.9.9-7ubuntu5.16+esm6

8:6.8.9.9-7ubuntu5.16+esm7

8:6.8.9.9-7ubuntu5.16+esm8

8:6.8.9.9-7ubuntu5.16+esm9

8:6.8.9.9-7ubuntu5.16+esm10

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / imagemagick

Package

Name: imagemagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.7.4+dfsg-16ubuntu2

8:6.9.7.4+dfsg-16ubuntu3

8:6.9.7.4+dfsg-16ubuntu4

8:6.9.7.4+dfsg-16ubuntu5

8:6.9.7.4+dfsg-16ubuntu6

8:6.9.7.4+dfsg-16ubuntu6.2

8:6.9.7.4+dfsg-16ubuntu6.3

8:6.9.7.4+dfsg-16ubuntu6.4

8:6.9.7.4+dfsg-16ubuntu6.7

8:6.9.7.4+dfsg-16ubuntu6.8

8:6.9.7.4+dfsg-16ubuntu6.9

8:6.9.7.4+dfsg-16ubuntu6.11

8:6.9.7.4+dfsg-16ubuntu6.12

8:6.9.7.4+dfsg-16ubuntu6.13

8:6.9.7.4+dfsg-16ubuntu6.14

8:6.9.7.4+dfsg-16ubuntu6.15

8:6.9.7.4+dfsg-16ubuntu6.15+esm1

8:6.9.7.4+dfsg-16ubuntu6.15+esm2

8:6.9.7.4+dfsg-16ubuntu6.15+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / imagemagick

Package

Name: imagemagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.10.23+dfsg-2.1ubuntu3

8:6.9.10.23+dfsg-2.1ubuntu8

8:6.9.10.23+dfsg-2.1ubuntu9

8:6.9.10.23+dfsg-2.1ubuntu10

8:6.9.10.23+dfsg-2.1ubuntu11

8:6.9.10.23+dfsg-2.1ubuntu11.1

8:6.9.10.23+dfsg-2.1ubuntu11.2

8:6.9.10.23+dfsg-2.1ubuntu11.4

8:6.9.10.23+dfsg-2.1ubuntu11.5

8:6.9.10.23+dfsg-2.1ubuntu11.6

8:6.9.10.23+dfsg-2.1ubuntu11.7

8:6.9.10.23+dfsg-2.1ubuntu11.9

8:6.9.10.23+dfsg-2.1ubuntu11.10

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/ubuntu/imagemagick@8:6.9.11.60+dfsg-1ubuntu1?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.11.60+dfsg-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "imagemagick-common": "8:6.9.11.60+dfsg-1ubuntu1",
            "libimage-magick-q16-perl": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6.q16hdri-6-extra-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libimage-magick-q16hdri-perl": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagick++-6.q16-8-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagick++-dev": "8:6.9.11.60+dfsg-1ubuntu1",
            "imagemagick-6-common": "8:6.9.11.60+dfsg-1ubuntu1",
            "imagemagick-6.q16hdri-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libimage-magick-perl": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickwand-6.q16hdri-6": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagick++-6.q16hdri-dev": "8:6.9.11.60+dfsg-1ubuntu1",
            "imagemagick-6.q16-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickwand-6.q16-6-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6.q16-6-extra-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6.q16-dev": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickwand-dev": "8:6.9.11.60+dfsg-1ubuntu1",
            "imagemagick-6-doc": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickwand-6.q16-dev": "8:6.9.11.60+dfsg-1ubuntu1",
            "perlmagick": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagick++-6.q16hdri-8-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libimage-magick-q16-perl-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6.q16hdri-dev": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickwand-6-headers": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6.q16-6": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagick++-6-headers": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6-headers": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickwand-6.q16hdri-dev": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickwand-6.q16hdri-6-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6.q16hdri-6-extra": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6.q16hdri-6": "8:6.9.11.60+dfsg-1ubuntu1",
            "imagemagick-doc": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6.q16-6-extra": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagick++-6.q16-8": "8:6.9.11.60+dfsg-1ubuntu1",
            "imagemagick": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagick++-6.q16hdri-8": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6-arch-config": "8:6.9.11.60+dfsg-1ubuntu1",
            "imagemagick-6.q16": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagick++-6.q16-dev": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickwand-6.q16-6": "8:6.9.11.60+dfsg-1ubuntu1",
            "imagemagick-6.q16hdri": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6.q16hdri-6-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-6.q16-6-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libimage-magick-q16hdri-perl-dbgsym": "8:6.9.11.60+dfsg-1ubuntu1",
            "libmagickcore-dev": "8:6.9.11.60+dfsg-1ubuntu1"
        }
    ]
}