{"id":"CVE-2020-13902","details":"ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.","modified":"2026-03-14T10:06:28.790031Z","published":"2020-06-07T18:15:10.067Z","references":[{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"b3b29bb139d5766388c2abfb90ddb9222edf5d40"},{"last_affected":"1d373b14c21ea973baccdf3d067e2819c038591c"}],"database_specific":{"versions":[{"introduced":"7.0.9-27"},{"last_affected":"7.0.10-17"}]}}],"versions":["7.0.10-0","7.0.10-1","7.0.10-10","7.0.10-11","7.0.10-12","7.0.10-13","7.0.10-14","7.0.10-15","7.0.10-16","7.0.10-17","7.0.10-2","7.0.10-3","7.0.10-4","7.0.10-5","7.0.10-6","7.0.10-7","7.0.10-8","7.0.10-9","7.0.9-27"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13902.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}