CVE-2020-13902

HIGH

Imagemagick < 7.0.10-17 - Out-of-Bounds Read

Title source: rule

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

Core 1

Core References

Third Party Advisory x_refsource_misc

CVSS v3 7.1

EPSS 0.0028

EPSS Percentile 51.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE

CWE-125

Status published

Products (1)

imagemagick/imagemagick 7.0.9-27 - 7.0.10-17

Published Jun 07, 2020

Tracked Since Feb 18, 2026