CVE-2020-19667

7.8 HIGH

📋 TL;DR

This CVE describes a stack-based buffer overflow vulnerability in ImageMagick's XPM image processing function. Attackers can exploit this by crafting malicious XPM files to execute arbitrary code or cause denial of service. Systems using vulnerable ImageMagick versions to process untrusted XPM files are affected.

💻 Affected Systems

Products:
  • ImageMagick
Versions: 7.0.10-7 through 7.0.10-28 (fixed in 7.0.10-29)
Operating Systems: All operating systems running vulnerable ImageMagick versions
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using ImageMagick to process XPM files is vulnerable. This includes web applications, document processors, and image conversion tools.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the ImageMagick process, potentially leading to full system compromise.

🟠 Likely Case: Denial of service through application crashes when processing malicious XPM files.

🟢 If Mitigated: Limited impact if proper input validation and sandboxing prevent malicious file processing.

🌐 Internet-Facing: MEDIUM - Exploitable if web applications process user-uploaded XPM files with vulnerable ImageMagick.
🏢 Internal Only: LOW - Requires local file processing or specific workflows involving XPM files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the victim to process a malicious XPM file. Public proof-of-concept code exists in the GitHub issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ImageMagick 7.0.10-29 and later

Vendor Advisory: https://github.com/ImageMagick/ImageMagick/issues/1895

Restart Required: No

Instructions:

1. Update ImageMagick to version 7.0.10-29 or later.
2. For Debian systems, apply security updates via apt-get update && apt-get upgrade.
3. Rebuild any applications that statically link ImageMagick.

🔧 Temporary Workarounds

Disable XPM coder (linux)

Remove XPM support from ImageMagick policy configuration to prevent processing of XPM files.

Edit /etc/ImageMagick-7/policy.xml and add the following line inside the <policymap> element:

<policy domain="coder" rights="none" pattern="XPM" />

🧯 If You Can't Patch

  • Implement strict input validation to reject or sanitize XPM files before processing.
  • Run ImageMagick in a sandboxed environment with minimal privileges to limit exploit impact.

🔍 How to Verify

Check if Vulnerable:

Run convert --version | head -1 and compare the reported version with the affected range (7.0.10-7 through 7.0.10-28).

Check Version:

convert --version | head -1

Verify Fix Applied:

Verify version is 7.0.10-29 or higher, or test with a known malicious XPM file (use caution).
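
One way to script the version check above together with a check that the XPM policy workaround is actually active, as an added example that is not part of the original advisory or of ImageMagick. The function names are hypothetical, the sample banner is constructed, and "outside-listed-range" only means the version is not in the range this page lists.

```shell
#!/bin/sh
# Added example, not ImageMagick's own tooling. Function names are hypothetical.

# Pull "7.0.10-28" out of the first line printed by `convert --version`.
im_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Compare MAJOR.MINOR.PATCH-REVISION against the range this page lists
# as affected: 7.0.10-7 through 7.0.10-28 (fixed in 7.0.10-29).
classify_version() {
    printf '%s\n' "$1" | awk -F'[-.]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$/ { print "unknown"; exit }
        {
            v  = (($1 * 1000 + $2) * 1000 + $3) * 1000 + $4
            lo = ((7 * 1000 + 0) * 1000 + 10) * 1000 + 7
            hi = ((7 * 1000 + 0) * 1000 + 10) * 1000 + 28
            r  = (v >= lo && v <= hi) ? "vulnerable" : "outside-listed-range"
            print r
        }'
}

# Succeed only if an active (not commented-out) coder policy denies XPM.
# Stock policy.xml files carry commented examples, so comments are stripped
# first; anything ambiguous is reported as "not disabled".
xpm_coder_disabled() {
    sed -e 's/<!--.*-->//g' -e '/<!--/,/-->/d' "$1" |
        grep 'domain="coder"' | grep 'rights="none"' |
        grep -Eq 'pattern="[^"]*XPM[^"]*"'
}

# Constructed sample banner for an affected build.
banner='Version: ImageMagick 7.0.10-28 Q16 x86_64 2020-08-16 https://imagemagick.org'
v=$(im_version_from_banner "$banner")
echo "$v: $(classify_version "$v")"

# Policy path taken from the workaround on this page; override with $1.
policy=${1:-/etc/ImageMagick-7/policy.xml}
if [ -f "$policy" ]; then
    if xpm_coder_disabled "$policy"; then
        echo "XPM coder disabled in $policy"
    else
        echo "XPM coder NOT disabled in $policy"
    fi
fi
```

On a live host, pass "$(convert --version | head -1)" to im_version_from_banner instead of the constructed banner.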

📡 Detection & Monitoring

Log Indicators:

  • ImageMagick process crashes when handling XPM files
  • Unusual memory access errors in system logs

Network Indicators:

  • Unexpected uploads of XPM files to web applications

SIEM Query:

source="*magick*" AND ("segmentation fault" OR "buffer overflow" OR "XPM")
