vulnerability

Red Hat: CVE-2020-27761: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/palm.c

Name: Red Hat: CVE-2020-27761: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/palm.c
Creator: Red Hat
Published: 2020-12-03T00:00:00.000Z
Keywords: CVE, Red Hat, 2020, 27761, ImageMagick, no-fix-redhat-rpm-package, Severity 4

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Dec 3, 2020

Added

Jul 9, 2025

Modified

Jul 9, 2025

Description

WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.

Solution

no-fix-redhat-rpm-package

References

NVD-CVE-2020-27761

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report