Unrated severity · NVD Advisory · Published Dec 8, 2020 · Updated Aug 4, 2024

CVE-2020-25675

Description

Integer overflow and undefined behavior in ImageMagick's CropImage() routines can cause application availability issues when processing untrusted input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CropImage() and CropImageToTiles() in MagickCore/transform.c (ImageMagick prior to 7.0.9-0) use unconstrained pixel offsets in rounding calculations, leading to integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. This constitutes undefined behavior that can be triggered when processing untrusted input data [1].

Exploitation

An attacker must supply a specially crafted image file to an application that uses an affected ImageMagick version. The code path is reachable through image processing operations that call CropImage() or CropImageToTiles(). No special authentication or network position beyond delivering the malformed image is required [1].

Impact

Successful exploitation can cause undefined behavior, potentially leading to application crashes or other negative impacts on availability. The vulnerability does not directly enable code execution or information disclosure, but the undefined behavior could be leveraged for further attacks [1].

Mitigation

The upstream patch introduces functionality to constrain pixel offsets and prevent these issues. The fix is included in ImageMagick version 7.0.9-0 and later. Users should upgrade to a patched version. Red Hat Enterprise Linux 5, 6, and 7 are out of support scope for this flaw [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

40

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Rounding calculations on unconstrained pixel offsets in CropImage() and CropImageToTiles() cause integer overflow and out-of-range values, leading to undefined behavior."

Attack vector

An attacker supplies a crafted image file with unconstrained pixel offsets to ImageMagick [1]. When the `CropImage()` or `CropImageToTiles()` routines process this input, rounding calculations on those offsets trigger integer overflow and out-of-range values [1]. This undefined behavior can lead to application crashes or other availability impacts [1]. No authentication or special network access is required beyond the ability to submit untrusted image data.

Affected code

The vulnerability resides in the `CropImage()` and `CropImageToTiles()` routines within `MagickCore/transform.c` [1]. Rounding calculations performed on unconstrained pixel offsets in these functions cause undefined behavior [1].

What the fix does

The advisory states that the upstream patch introduces functionality to constrain the pixel offsets, preventing the integer overflow and out-of-range issues [1]. No patch diff is included in the bundle, so the exact code changes cannot be described. The fix ensures that rounding calculations on pixel offsets stay within valid bounds, eliminating the undefined behavior [1].
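
The bug class described above, as an added illustration that is neither ImageMagick's code nor the upstream patch: a rounding conversion on an unconstrained offset beside a constrained version, plus an overflow-checked offset-plus-extent sum. All function names are hypothetical and the inputs in `main()` are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added illustration: hypothetical helpers, not ImageMagick source. */

/* Unconstrained pattern: round half away from zero, then convert. If the
   rounded value does not fit in long, the conversion itself is undefined
   behavior. Call only with in-range input. */
static long round_offset_unchecked(double offset)
{
    return (long) (offset + (offset < 0.0 ? -0.5 : 0.5));
}

/* Constrained pattern: handle NaN and clamp before converting. */
static long round_offset_constrained(double offset)
{
    double r;
    if (offset != offset)               /* NaN compares unequal to itself */
        return 0;
    r = offset + (offset < 0.0 ? -0.5 : 0.5);
    /* (double) LONG_MAX can round up to 2^63, so the bound is clamped too. */
    if (r >= (double) LONG_MAX)
        return LONG_MAX;
    if (r <= (double) LONG_MIN)
        return LONG_MIN;
    return (long) r;
}

/* Far edge of a crop region (offset + extent) without signed overflow.
   Returns false when the sum is not representable in long. */
static bool crop_far_edge(long offset, unsigned long extent, long *edge)
{
    if (extent > (unsigned long) LONG_MAX ||
        offset > LONG_MAX - (long) extent)
        return false;
    *edge = offset + (long) extent;
    return true;
}

int main(void)
{
    long edge = 0;
    printf("%ld %ld\n", round_offset_unchecked(2.5),
           round_offset_constrained(1e300));   /* constructed inputs */
    printf("%d\n", crop_far_edge(LONG_MAX - 5, 10, &edge));
    return 0;
}
```

Building the unchecked variant with `-fsanitize=undefined` and feeding it an out-of-range value reproduces the kind of UndefinedBehaviorSanitizer report the advisory refers to; the constrained variant stays silent on the same input.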

Preconditions

  • input: The attacker must be able to submit untrusted image data to an ImageMagick process.
  • config: The vulnerable CropImage() or CropImageToTiles() routines must be invoked on the crafted input.

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3
