VYPR
Unrated severity · NVD Advisory · Published Dec 8, 2020 · Updated Aug 4, 2024

CVE-2020-25666

Description

Integer overflow in HistogramCompare() can cause application reliability issues when ImageMagick processes a crafted input file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In ImageMagick versions prior to 7.0.9-0, the HistogramCompare() function in MagickCore/histogram.c contains four locations where integer overflow is possible during simple math calculations on RGB values and the count value for a color [1]. The operations use int types, which can overflow when processing specially crafted input files [1]. The fix introduces casts to ssize_t for these calculations [1].

Exploitation

An attacker needs to supply a crafted input file to ImageMagick that triggers the integer overflow conditions in HistogramCompare() [1]. No authentication or special network position is required if the victim processes the malicious file via any tool that uses the affected ImageMagick library [1]. The exact sequence involves the application calling HistogramCompare() on crafted histogram data [1].

Impact

Successful exploitation leads to undefined behavior due to signed integer overflow, which could result in application crashes or unreliable behavior [1]. The impact is primarily on application reliability (availability), not confidentiality or integrity [1]. The flaw is classified as low severity [1].

Mitigation

The issue is fixed in ImageMagick version 7.0.9-0 and later [1]. Users should upgrade to at least this version. Red Hat Enterprise Linux 5, 6, and 7 are out of support scope and no fix is provided; Inkscape on RHEL 8 is not affected as it no longer bundles ImageMagick [1]. No other workarounds are currently documented [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

43

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Integer overflow in arithmetic operations on rgb and count values in HistogramCompare() due to use of int instead of a wider type."

Attack vector

An attacker supplies a crafted image file that, when processed by ImageMagick, triggers integer overflows in the `HistogramCompare()` function. The overflows occur during arithmetic on `rgb` and `count` values, which can lead to incorrect comparison results and potentially impact application reliability [1]. No network vector or authentication is required beyond delivering the malicious file to the victim.

Affected code

The vulnerability resides in `HistogramCompare()` in `MagickCore/histogram.c`. Four integer overflow points exist during simple math calculations on the `rgb` values and the `count` value for a color. The patch casts these calculations to `ssize_t` instead of `int` [1].

What the fix does

The patch changes the type of intermediate calculations from `int` to `ssize_t` in the four overflow-prone locations within `HistogramCompare()`. By using a wider signed type, the arithmetic can safely accommodate larger intermediate values, preventing wrap-around that could corrupt the comparison logic [1].
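The comparator pattern described above, as an added illustration that is not ImageMagick's source or the actual patch: a subtraction-based comparator whose `int` difference wraps, beside a version that widens before subtracting. The `color_entry` struct, the function names and the sample values are assumptions made for this example, and it uses `int64_t` and returns only the sign where the page's fix casts to `ssize_t`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical histogram entry (assumption; not ImageMagick's own type). */
typedef struct { int red, green, blue, count; } color_entry;

/* Models 32-bit wrap-around without invoking undefined behaviour:
   the subtraction is done in unsigned arithmetic, then reinterpreted. */
static int wrapping_sub(int a, int b) { return (int)((unsigned)a - (unsigned)b); }

static int sign64(int64_t d) { return (d > 0) - (d < 0); }

/* "Before" pattern: the difference is formed in int at four places. */
static int compare_narrow(const void *x, const void *y) {
  const color_entry *a = x, *b = y;
  if (a->red != b->red) return wrapping_sub(a->red, b->red);
  if (a->green != b->green) return wrapping_sub(a->green, b->green);
  if (a->blue != b->blue) return wrapping_sub(a->blue, b->blue);
  return wrapping_sub(b->count, a->count);   /* higher count sorts first */
}

/* "After" pattern: widen before subtracting, return only the sign. */
static int compare_wide(const void *x, const void *y) {
  const color_entry *a = x, *b = y;
  if (a->red != b->red) return sign64((int64_t)a->red - b->red);
  if (a->green != b->green) return sign64((int64_t)a->green - b->green);
  if (a->blue != b->blue) return sign64((int64_t)a->blue - b->blue);
  return sign64((int64_t)b->count - a->count);
}

/* Constructed sample pairs; the first two force a wrapped difference. */
static const color_entry SAMPLE[3][2] = {
  {{2000000000, 0, 0, 1}, {-2000000000, 0, 0, 1}},
  {{5, 5, 5, 2147483647}, {5, 5, 5, -2}},
  {{10, 0, 0, 1}, {20, 0, 0, 1}},
};

/* Counts pairs whose ordering differs between the two comparators. */
static int disagreements(void) {
  int n = 0;
  for (size_t i = 0; i < 3; i++)
    n += sign64(compare_narrow(&SAMPLE[i][0], &SAMPLE[i][1])) !=
         compare_wide(&SAMPLE[i][0], &SAMPLE[i][1]);
  return n;
}

int main(void) {
  printf("pairs ordered differently: %d of 3\n", disagreements());
  return 0;
}
```

In real code the narrow subtraction is signed overflow, which is undefined behaviour in C, so a build with `-fsanitize=signed-integer-overflow` is a practical way to flag this pattern in comparators during testing.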

Preconditions

  • input: The attacker must provide a crafted image file that triggers the integer overflow in HistogramCompare().
  • config: The victim must process the crafted file using an affected version of ImageMagick (prior to 7.0.9-0).

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3
