Unrated severityNVD Advisory· Published Dec 8, 2020· Updated Aug 4, 2024

CVE-2020-27754

Description

ImageMagick's IntensityCompare() can return overflowed pixel intensities causing undefined behavior; fixed in 6.9.10-69 and 7.0.8-69.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ImageMagick's IntensityCompare() can return overflowed pixel intensities causing undefined behavior; fixed in 6.9.10-69 and 7.0.8-69.

Vulnerability

In IntensityCompare() of /magick/quantize.c, calls to PixelPacketIntensity() can return overflowed values when ImageMagick processes a crafted input file [1]. This affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69 [1]. The overflowed values are outside the range of representable values of type long, leading to signed integer overflow and undefined behavior [1].

Exploitation

An attacker can trigger this vulnerability by providing a specially crafted image file to ImageMagick [1]. No authentication or special privileges are required, only the ability to induce the application to process the malicious file [1]. The issue was detected by UndefinedBehaviorSanitizer, indicating that the attacker does not need any specific user interaction beyond opening the file [1].

Impact

While the undefined behavior could potentially cause an impact to availability, no concrete availability impact was demonstrated [1]. The flaw is rated as Low severity due to the lack of a proven exploit path to denial of service or other impacts [1]. The primary risk is that undefined behavior could lead to unexpected program behavior or crashes under certain conditions.

Mitigation

The fix is included in ImageMagick versions 6.9.10-69 and 7.0.8-69, which introduce the ConstrainPixelIntensity() function to force pixel intensities within proper bounds and prevent overflow [1]. Users should update to these or later versions. For Red Hat Enterprise Linux 5, 6, and 7, the flaw is out of support scope; Inkscape on RHEL 8 is not affected due to unbundled ImageMagick [1].

References

outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

ImageMagick/ImageMagickdescription
ImageMagick/Imagemagickllm-fuzzy
Range: <6.9.10-69, <7.0.8-69
osv-coords40 versions
pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/ImageMagick&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ImageMagick&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/ImageMagick&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/ImageMagick&distro=SUSE%20Manager%20Proxy%204.0 pkg:rpm/suse/ImageMagick&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 pkg:rpm/suse/ImageMagick&distro=SUSE%20Manager%20Server%204.0 pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 7.0.7.34-lp151.7.26.1+ 39 more
- (no CPE)range: < 7.0.7.34-lp151.7.26.1
- (no CPE)range: < 7.0.7.34-lp152.12.9.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-10.9.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-10.9.1
- (no CPE)range: < 6.4.3.6-78.135.1
- (no CPE)range: < 6.4.3.6-78.135.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1

Patches

No patches discovered yet.

Vulnerability mechanics

Root cause

"Signed integer overflow in PixelPacketIntensity() called from IntensityCompare() allows pixel intensities to exceed the representable range of type 'long'."

Attack vector

An attacker provides a specially crafted image file that triggers a signed integer overflow inside `PixelPacketIntensity()` when `IntensityCompare()` processes it [ref_id=1]. The overflow causes pixel intensities to fall outside the representable range of type `long`, resulting in undefined behavior. No authentication or special network access is required beyond delivering the malformed file to a vulnerable ImageMagick instance.

Affected code

The flaw resides in `IntensityCompare()` within `/magick/quantize.c`. The function calls `PixelPacketIntensity()` which can return overflowed values when ImageMagick processes a crafted input file, leading to undefined behavior. The patch introduces `ConstrainPixelIntensity()` to clamp intensities to valid bounds.

What the fix does

The patch introduces the `ConstrainPixelIntensity()` function, which forces pixel intensities to remain within proper bounds after computation. By calling this new function instead of directly using the raw return value of `PixelPacketIntensity()`, the fix eliminates the undefined behavior caused by signed integer overflow. The advisory notes that no availability impact was demonstrated, but the undefined behavior is still corrected.

Preconditions

inputThe attacker must supply a crafted image file that triggers the overflow condition in IntensityCompare().
configThe vulnerable version of ImageMagick must be used (prior to 6.9.10-69 or 7.0.8-69).

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

lists.debian.org/debian-lts-announce/2021/03/msg00030.htmlmitremailing-list
lists.debian.org/debian-lts-announce/2023/03/msg00008.htmlmitremailing-list
bugzilla.redhat.com/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000