CVE-2020-27753

MEDIUM

Imagemagick < 6.9.10-69 - Memory Leak

Title source: rule

Description

There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.

References (1)

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1894229

Scores

CVSS v3 5.5

EPSS 0.0008

EPSS Percentile 23.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (1)

imagemagick/imagemagick < 6.9.10-69

Timeline

Published Dec 08, 2020

Tracked Since Feb 18, 2026