In ImageMagick, there is an integer overflow in MagickCore/string.c. Reference: https://github.com/ImageMagick/ImageMagick/issues/1721 Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/be90a5395695f0d19479a5d46b06c678be7f7927
Acknowledgments: Name: Suhwan Song (Seoul National University)
Statement: This flaw is out of support scope for Red Hat Enterprise Linux 5, 6, and 7. Inkscape is not affected because it no longer uses a bundled ImageMagick in Red Hat Enterprise Linux 8. For more information regarding support scopes, please see https://access.redhat.com/support/policy/updates/errata .
Flaw summary: Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick.
Created ImageMagick tracking bugs for this issue: Affects: epel-8 [bug 1901285] Affects: fedora-all [bug 1901286]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27770