Memory Leak

Affecting imagemagick package, versions *

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Memory Leak in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.

Remediation

There is no fixed version for imagemagick.

References

CVSS Score

3.3
low severity
  • Attack Vector
    Local
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    Required
  • Scope
    Unchanged
  • Confidentiality
    None
  • Integrity
    None
  • Availability
    Low
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE
CVE-2020-27755
CWE
CWE-401
Snyk ID
SNYK-DEBIAN10-IMAGEMAGICK-1045691
Disclosed
08 Dec, 2020
Published
26 Nov, 2020