Unrated severityNVD Advisory· Published Dec 8, 2020· Updated Aug 4, 2024

CVE-2020-27750

Description

ImageMagick's ConvertRGBToCMYK() in MagickCore/colorspace-private.h has a division by zero when processing crafted files, leading to application crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ImageMagick's ConvertRGBToCMYK() in MagickCore/colorspace-private.h has a division by zero when processing crafted files, leading to application crash.

Vulnerability

In ImageMagick versions prior to 7.0.8-68, the function ConvertRGBToCMYK() in MagickCore/colorspace-private.h contains a division by zero bug. When processing a crafted image file, the calculations for cyan, magenta, and yellow colors can result in a zero denominator, triggering a divide-by-zero runtime error [1]. This is an undefined behavior that could also produce values outside the range of type unsigned char [1].

Exploitation

An attacker can exploit this vulnerability by submitting a specially crafted image file to ImageMagick for processing. No special privileges are required; the victim or a service running ImageMagick would process the file. The flaw is triggered during color space conversion, specifically in the ConvertRGBToCMYK() path [1].

Impact

Successful exploitation leads to an application crash, primarily affecting availability. Because it is undefined behavior, there is a potential for other impacts, though the primary risk is a denial of service [1].

Mitigation

The fix is included in ImageMagick version 7.0.8-68 and later. The patch replaces division with multiplication and uses the PerceptibleReciprocal() function to avoid divide-by-zero conditions [1]. Users should upgrade to a patched version. Red Hat Enterprise Linux 5, 6, and 7 are out of support scope; Inkscape on RHEL 8 is not affected as it no longer bundles ImageMagick [1].

References

division by zero in MagickCore/colorspace-private.h

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

ImageMagick/ImageMagickdescription
ImageMagick/Imagemagickllm-fuzzy
Range: <7.0.8-68
osv-coords39 versions
pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweed pkg:rpm/suse/ImageMagick&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ImageMagick&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/ImageMagick&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/ImageMagick&distro=SUSE%20Manager%20Proxy%204.0 pkg:rpm/suse/ImageMagick&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 pkg:rpm/suse/ImageMagick&distro=SUSE%20Manager%20Server%204.0 pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 7.0.7.34-lp151.7.26.1+ 38 more
- (no CPE)range: < 7.0.7.34-lp151.7.26.1
- (no CPE)range: < 7.0.7.34-lp152.12.9.1
- (no CPE)range: < 7.1.0.9-1.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-10.9.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-10.9.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1

Patches

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing safe reciprocal handling in RGB-to-CMYK color conversion leads to division by zero."

Attack vector

An attacker submits a crafted image file that, when processed by ImageMagick, causes values outside the range of type `unsigned char` and a math division by zero in the `ConvertRGBToCMYK()` function [ref_id=1]. The attacker does not require any special privileges; the only precondition is that the victim uses ImageMagick to open or convert the malicious file. This undefined behavior most likely leads to a crash, impacting application availability, but could potentially cause other unpredictable outcomes [ref_id=1].

Affected code

The flaw resides in `MagickCore/colorspace-private.h` and `MagickCore/quantum.h`. In `ConvertRGBToCMYK()` within `colorspace-private.h`, calculations for cyan, magenta, and yellow color components can trigger a divide-by-zero runtime error when processing untrusted input file data [ref_id=1].

What the fix does

The patch modifies the division operations in `ConvertRGBToCMYK()` to use the `PerceptibleReciprocal()` function and replaces division with multiplication, thereby avoiding divide-by-zero conditions [ref_id=1]. The advisory notes that it is not certain whether the patch also fixes the out-of-range bug, which may have been patched elsewhere [ref_id=1]. No patch diff is included in the bundle, so the exact changes cannot be verified from this source alone.

Preconditions

inputThe victim must process a crafted image file using ImageMagick.

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

lists.debian.org/debian-lts-announce/2021/01/msg00010.htmlmitremailing-list
lists.debian.org/debian-lts-announce/2023/03/msg00008.htmlmitremailing-list
bugzilla.redhat.com/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000