CVE-2020-27755
Description
Memory leak in ImageMagick's SetImageExtent() due to unreset image depth size on invalid input, causing denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory leak in ImageMagick's SetImageExtent() due to unreset image depth size on invalid input, causing denial of service.
Vulnerability
In SetImageExtent() in /MagickCore/image.c, when an invalid image depth size is provided, the code does not reset the depth before throwing an exception, resulting in a memory leak. This flaw affects ImageMagick versions prior to 7.0.9-0 [1].
Exploitation
An attacker can trigger the memory leak by supplying a crafted input file that is processed by ImageMagick. No special privileges beyond the ability to submit the file for processing are required [1].
Impact
Successful exploitation causes a memory leak, leading to potential denial of service by degrading application reliability or exhausting available memory [1].
Mitigation
The issue is fixed in ImageMagick version 7.0.9-0 [1]. Users should upgrade to this version or later. Red Hat Enterprise Linux 5, 6, and 7 are out of support scope and are not affected by this flaw. Inkscape is not affected because it no longer uses a bundled ImageMagick in RHEL 8 [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
43- ImageMagick/ImageMagickdescription
- Range: <7.0.9-0
- osv-coords41 versionspkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ImageMagick&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ImageMagick&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/ImageMagick&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/ImageMagick&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/ImageMagick&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 7.0.7.34-lp151.7.26.1+ 40 more
- (no CPE)range: < 7.0.7.34-lp151.7.26.1
- (no CPE)range: < 7.0.7.34-lp152.12.9.1
- (no CPE)range: < 7.1.0.9-1.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-10.9.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-10.9.1
- (no CPE)range: < 6.4.3.6-78.135.1
- (no CPE)range: < 6.4.3.6-78.135.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 7.0.7.34-3.90.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
- (no CPE)range: < 6.8.8.1-71.154.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"In SetImageExtent(), an incorrect image depth size is not reset before throwing an exception, causing a memory leak in ResizeMagickMemory()."
Attack vector
An attacker provides a crafted input file with an incorrect image depth size. When ImageMagick processes this file, `SetImageExtent()` fails to reset the depth to a proper value before throwing an exception, causing a memory leak via `ResizeMagickMemory()` [ref_id=1]. The leak can be triggered without authentication, requiring only that the victim application processes the malicious file, leading to application reliability impact such as denial of service [ref_id=1].
Affected code
The flaw resides in `SetImageExtent()` in `/MagickCore/image.c`. The function does not reset the image depth size when an invalid size is detected, leading to a memory leak in the `ResizeMagickMemory()` function in `/MagickCore/memory.c` [ref_id=1].
What the fix does
The patch resets the image depth to a proper size before throwing an exception in `SetImageExtent()` [ref_id=1]. By ensuring the depth is corrected prior to the error path, the subsequent memory operations in `ResizeMagickMemory()` no longer operate on an inconsistent state, preventing the memory leak [ref_id=1]. No patch diff is included in the bundle, but the advisory describes this remediation approach.
Preconditions
- inputVictim application must process a crafted input file using ImageMagick
- authNo authentication required; the attack can be triggered by file processing
Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.