VIR Vulnerability Intelligence Relay

CVE-2020-13902

medium
Published — · Modified —
CVSS v3
CVSS v2
VIR risk
5.5

Description

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-13902

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202006-14

OS impact
OSVersionStatusFixed in
arch archfixed7.0.10.20-1
debian debianbookwormfixed8:6.9.11.24+dfsg-1
debian debianbullseyefixed8:6.9.11.24+dfsg-1
debian debianforkyfixed8:6.9.11.24+dfsg-1
debian debiansidfixed8:6.9.11.24+dfsg-1
debian debiantrixiefixed8:6.9.11.24+dfsg-1

References

Verify integrity in audit chain (admin only). AS-IS.