CVE-2020-27752

7.1 HIGH

📋 TL;DR

CVE-2020-27752 is a heap buffer overflow vulnerability in ImageMagick's quantum-private.h component. Attackers can exploit this by submitting crafted files to trigger memory corruption, potentially causing denial of service or arbitrary code execution. This affects all systems running ImageMagick versions prior to 7.0.9-0.

💻 Affected Systems

Products:
  • ImageMagick
Versions: All versions prior to 7.0.9-0
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using ImageMagick libraries for image processing is vulnerable when handling untrusted input

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Application crash and denial of service affecting availability of image processing services

🟢 If Mitigated: Limited impact with proper input validation and sandboxing, potentially just an application restart

🌐 Internet-Facing: HIGH - Image processing services exposed to the internet can be directly targeted with crafted files
🏢 Internal Only: MEDIUM - Internal users could exploit via uploaded files, but requires some level of access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific image files but doesn't require authentication

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ImageMagick 7.0.9-0 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1894226

Restart Required: Yes

Instructions:

1. Update ImageMagick to version 7.0.9-0 or later using your package manager.
2. For Linux: 'sudo apt update && sudo apt upgrade imagemagick' (Debian/Ubuntu) or 'sudo yum update imagemagick' (RHEL/CentOS).
3. Restart all services using ImageMagick.

🔧 Temporary Workarounds

Disable vulnerable image formats (Linux)

Remove or disable support for vulnerable image formats in ImageMagick's policy.xml. Edit /etc/ImageMagick-7/policy.xml and add:

<policy domain="coder" rights="none" pattern="HEIC" />

Implement input validation (all platforms)

Reject files with suspicious headers or sizes before processing them with ImageMagick.

🧯 If You Can't Patch

  • Implement strict file upload validation and limit allowed image formats
  • Run ImageMagick in a sandboxed container with limited privileges

🔍 How to Verify

Check if Vulnerable:

Check the installed ImageMagick version with 'convert --version' or 'magick --version':

convert --version | head -1

Verify Fix Applied:

Confirm the reported version is 7.0.9-0 or higher: 'convert --version | grep Version'

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in application logs
  • ImageMagick process crashes
  • Unusual file processing errors

Network Indicators:

  • Large number of image uploads to vulnerable endpoints
  • Unusual file types being submitted

SIEM Query:

source="application.log" AND ("segmentation fault" OR ("ImageMagick" AND "crash"))
