{"api_version":"1","generated_at":"2026-04-22T23:31:18+00:00","cve":"CVE-2020-27761","urls":{"html":"https://cve.report/CVE-2020-27761","api":"https://cve.report/api/cve/CVE-2020-27761.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-27761","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-27761"},"summary":{"title":"CVE-2020-27761","description":"WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-12-03 17:15:00","updated_at":"2023-03-11 23:15:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1894679","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1894679","refsource":"MISC","tags":["Issue Tracking"],"title":"1894679 – (CVE-2020-27761) CVE-2020-27761 ImageMagick: outside the range of representable values of type 'unsigned long' at coders/palm.c","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html","name":"[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2602-1] imagemagick security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html","name":"[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3357-1] imagemagick security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-27761","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27761","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"27761","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27761","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"imagemagick","cpe5":"imagemagick","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27761","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"imagemagick","cpe5":"imagemagick","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-27761","qid":"178502","title":"Debian Security Update for imagemagick (DLA 2602-1)"},{"cve":"CVE-2020-27761","qid":"181625","title":"Debian Security Update for imagemagick (DLA 3357-1)"},{"cve":"CVE-2020-27761","qid":"198406","title":"Ubuntu Security Notification for ImageMagick vulnerabilities (USN-4988-1)"},{"cve":"CVE-2020-27761","qid":"671560","title":"EulerOS Security Update for ImageMagick (EulerOS-SA-2022-1536)"},{"cve":"CVE-2020-27761","qid":"671612","title":"EulerOS Security Update for ImageMagick (EulerOS-SA-2022-1570)"},{"cve":"CVE-2020-27761","qid":"671705","title":"EulerOS Security Update for ImageMagick (EulerOS-SA-2022-1731)"},{"cve":"CVE-2020-27761","qid":"750398","title":"OpenSUSE Security Update for ImageMagick (openSUSE-SU-2021:0148-1)"},{"cve":"CVE-2020-27761","qid":"750404","title":"OpenSUSE Security Update for ImageMagick (openSUSE-SU-2021:0136-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-27761","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"ImageMagick","version":{"version_data":[{"version_value":"ImageMagick 7.0.9-0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-190"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1894679","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1894679"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update","url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"}]},"description":{"description_data":[{"lang":"eng","value":"WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0."}]}},"nvd":{"publishedDate":"2020-12-03 17:15:00","lastModifiedDate":"2023-03-11 23:15:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":3.3,"baseSeverity":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.10-69","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.0.9-0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"27761","Ordinal":"189497","Title":"CVE-2020-27761","CVE":"CVE-2020-27761","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"27761","Ordinal":"1","NoteData":"WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"27761","Ordinal":"2","NoteData":"2020-12-03","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"27761","Ordinal":"3","NoteData":"2021-03-23","Type":"Other","Title":"Modified"}]}}}