CVE-2020-27756

Name	CVE-2020-27756
Description	In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3357-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
imagemagick (PTS)	jessie, jessie (lts)	8:6.8.9.9-5+deb8u26	fixed
	stretch (security)	8:6.9.7.4+dfsg-11+deb9u14	fixed
	stretch (lts), stretch	8:6.9.7.4+dfsg-11+deb9u19	fixed
	buster	8:6.9.10.23+dfsg-2.1+deb10u1	vulnerable
	buster (security)	8:6.9.10.23+dfsg-2.1+deb10u7	fixed
	bullseye	8:6.9.11.60+dfsg-1.3+deb11u2	fixed
	bullseye (security)	8:6.9.11.60+dfsg-1.3+deb11u3	fixed
	bookworm	8:6.9.11.60+dfsg-1.6	fixed
	bookworm (security)	8:6.9.11.60+dfsg-1.6+deb12u1	fixed
	trixie	8:6.9.12.98+dfsg1-5	fixed
	sid	8:6.9.12.98+dfsg1-5.2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
imagemagick	source	jessie	(not affected)
imagemagick	source	stretch	(not affected)
imagemagick	source	buster	8:6.9.10.23+dfsg-2.1+deb10u2	DLA-3357-1
imagemagick	source	(unstable)	8:6.9.11.24+dfsg-1

Notes

[stretch] - imagemagick <not-affected> (Vulnerable code introduced later)
https://github.com/ImageMagick/ImageMagick/issues/1725
ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f35eca82b0c294ff9d0ccad104a881c3ae2ba913
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/d3d96f05950275b916207bf9df03640ef3e9fd6e
Introduced in https://github.com/ImageMagick/ImageMagick6/commit/7dd318e6f7f86eb41e474e3131c59ea26af6c1b2 (6.9.9-34)
[jessie] - imagemagick <not-affected> (Vulnerable code introduced later)