CVE-2020-27754

Name	CVE-2020-27754
Description	In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References	DLA-2602-1, DLA-3357-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
imagemagick (PTS)	buster	8:6.9.10.23+dfsg-2.1+deb10u1	vulnerable
	buster (security)	8:6.9.10.23+dfsg-2.1+deb10u5	fixed
	bullseye (security), bullseye	8:6.9.11.60+dfsg-1.3+deb11u1	fixed
	bookworm, sid	8:6.9.11.60+dfsg-1.6	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
imagemagick	source	stretch	8:6.9.7.4+dfsg-11+deb9u12	DLA-2602-1
imagemagick	source	buster	8:6.9.10.23+dfsg-2.1+deb10u2	DLA-3357-1
imagemagick	source	(unstable)	8:6.9.11.24+dfsg-1

Notes

https://github.com/ImageMagick/ImageMagick/issues/1754
ImageMagick: https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233