In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. Reference: https://github.com/ImageMagick/ImageMagick/issues/1751 Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/95d4e94e0353e503b71a53f5e6fad173c7c70c90
Acknowledgments: Name: Suhwan Song (Seoul National University)
There are numerous occurrences of this patched in MagickCore/quantum-private.h. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case.
Statement: This flaw is out of support scope for Red Hat Enterprise Linux 5, 6, and 7. Inkscape is not affected because it no longer uses a bundled ImageMagick in Red Hat Enterprise Linux 8. For more information regarding support scopes, please see https://access.redhat.com/support/policy/updates/errata .
Created ImageMagick tracking bugs for this issue: Affects: epel-8 [bug 1901281] Affects: fedora-all [bug 1901282]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27768