Unrated severity · NVD Advisory · Published Dec 4, 2020 · Updated Aug 4, 2024

CVE-2020-27765

Description

A division by zero vulnerability in ImageMagick's segment.c allows attackers to cause denial of service via crafted files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A flaw exists in ImageMagick's MagickCore/segment.c where processing a specially crafted file can trigger a division by zero, leading to undefined behavior. This affects ImageMagick versions prior to 7.0.9-0. The vulnerability is reachable when ImageMagick processes user-supplied images, such as through web uploads or automated pipelines [1].

Exploitation

An attacker can exploit this vulnerability by submitting a crafted image file to an application or service that uses ImageMagick to process it. No authentication or special privileges are required; the attacker only needs the ability to provide a malicious file that triggers the division by zero in the segment.c code path [1].

Impact

Successful exploitation most likely results in a denial of service (application crash) due to undefined behavior from the division by zero. While the primary impact is on availability, other unpredictable consequences could occur depending on the compiler and runtime environment [1].

Mitigation

The vulnerability is fixed in ImageMagick version 7.0.9-0 and later. Users should upgrade to this version or newer. For Red Hat Enterprise Linux 5, 6, and 7, this issue is out of support scope; Inkscape on RHEL 8 is not affected as it no longer bundles a vulnerable ImageMagick [1].
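
One way to check a host against the fixed version named above, as an added example that is not part of the advisory or of ImageMagick. The function names are hypothetical, the sample banners are constructed, and it assumes the `Version: ImageMagick X.Y.Z-P` banner that `-version` prints; it compares upstream version numbers only, so a distribution package carrying a backported fix would still be flagged.

```shell
#!/bin/sh
# Added example: compare an ImageMagick version banner against 7.0.9-0,
# the fixed release named in the advisory text.
FIXED="7.0.9-0"

# Pull "X.Y.Z-P" out of a banner such as
# "Version: ImageMagick 7.0.8-68 Q16 x86_64 ..." (first line of `-version`).
im_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Version: ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Succeed if version $1 is strictly older than $2. Fields are compared as
# integers, so 7.0.10-3 sorts after 7.0.9-0 (a string compare would not).
im_version_lt() {
    set -- $(printf '%s %s' "$1" "$2" | tr '.-' '  ')
    [ $# -eq 8 ] || return 2
    if [ "$1" -ne "$5" ]; then [ "$1" -lt "$5" ]; return; fi
    if [ "$2" -ne "$6" ]; then [ "$2" -lt "$6" ]; return; fi
    if [ "$3" -ne "$7" ]; then [ "$3" -lt "$7" ]; return; fi
    [ "$4" -lt "$8" ]
}

# Print "vulnerable <ver>", "fixed <ver>" or "unknown" for a banner.
im_check_banner() {
    v=$(im_version_from_banner "$1")
    if [ -z "$v" ]; then echo "unknown"
    elif im_version_lt "$v" "$FIXED"; then echo "vulnerable $v"
    else echo "fixed $v"
    fi
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    'Version: ImageMagick 7.0.8-68 Q16 x86_64' \
    'Version: ImageMagick 7.0.10-3 Q16 x86_64'; do
    im_check_banner "$banner"
done

# Check the locally installed binary, if any (IM7 ships "magick", IM6 "convert").
for bin in magick convert; do
    if command -v "$bin" >/dev/null 2>&1; then
        printf '%s: %s\n' "$bin" "$(im_check_banner "$("$bin" -version 2>/dev/null | head -n 1)")"
        break
    fi
done
```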

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

43

References

3
