CVE-2020-27756

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1894233 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Information

Published : 2020-12-08 10:15

Updated : 2021-06-02 07:44


NVD link : CVE-2020-27756

Mitre link : CVE-2020-27756

Products Affected
No products.
CWE
CWE-190

CWE-369

Divide By Zero