CVE-2020-27774

Summary

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type ssize_t. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

Affected Software

VendorProductVersion RangeStatus
n/aImageMagickImageMagick 7.0.9-0affected

Weaknesses

  • CWE-190: CWE-190

ADP Enrichment

CVE Program Container

Additional References

References