VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 3, 2020· Updated Aug 4, 2024

CVE-2020-27759

CVE-2020-27759

Description

A double-to-int cast in ImageMagick's IntensityCompare() function can trigger undefined behavior, potentially leading to application crashes via a crafted file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A double-to-int cast in ImageMagick's IntensityCompare() function can trigger undefined behavior, potentially leading to application crashes via a crafted file.

Vulnerability

In IntensityCompare() of /MagickCore/quantize.c, a double value is cast directly to int and returned. When the floating-point value is outside the representable range of int, the cast invokes undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68 [1].

Exploitation

An attacker needs only to provide a crafted input file that, when processed by ImageMagick, triggers the vulnerable code path in IntensityCompare(). No special privileges or network position beyond being able to supply the file (e.g. via upload or local access) is required. The specific conditions involve the intensity calculations reaching values that exceed the int range [1].

Impact

Successful exploitation could lead to an application crash (denial of service), as undefined behavior from an out-of-range integer cast may cause memory corruption or termination. Red Hat Product Security assessed a potential impact to application availability, though no concrete exploitation path to more severe outcomes (e.g. code execution) was demonstrated [1].

Mitigation

The fix was included in ImageMagick version 7.0.8-68 [1]. Users should upgrade to this or a later release. Red Hat Enterprise Linux 5, 6, and 7 are out of support scope; Red Hat Enterprise Linux 8 users should apply available updates. As of the publication date, no workaround short of upgrading was provided [1].

References
  1. outside the range of representable values of type 'int' at MagickCore/quantize.c

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

42

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"A double value is cast directly to int and returned in IntensityCompare(), allowing values outside the representable range of type int."

Attack vector

An attacker supplies a crafted image file that, when processed by ImageMagick, triggers the `IntensityCompare()` function with a `double` value that exceeds the range of `int`. The out-of-range cast can lead to undefined behavior, potentially causing a crash or other availability impact. No network-level exploit path is described; the attack relies on the victim opening the malicious file [ref_id=1].

Affected code

The vulnerability resides in `IntensityCompare()` within `MagickCore/quantize.c`. A `double` value is cast directly to `int` and returned, which can produce a result outside the representable range of the `int` type. ImageMagick versions prior to 7.0.8-68 are affected [ref_id=1].

What the fix does

The advisory does not include a published patch diff. The recommended fix is to ensure that the return value of `IntensityCompare()` is properly range-checked or that the function's return type is changed to avoid truncating a `double` to `int`. Without a patch, the remediation guidance is to update to ImageMagick version 7.0.8-68 or later, where the issue is addressed [ref_id=1].

Preconditions

  • inputThe victim must process a crafted image file with a vulnerable version of ImageMagick.
  • inputThe crafted file must cause IntensityCompare() to produce a double value outside the int range.

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.