CVE-2020-27754

CVE-2020-27754

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.

Source: CVE-2020-27754

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다