CVE-2021-20176: Divide By Zero in ImageMagick

CWE-369: Divide By Zero | 11 documents | 6 sources
Severity: 5.5 MEDIUM (NVD) | OSV: 6.5
EPSS: 0.1% (top 67.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 6 | Latest update Dec 17

Description

A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

Source | Package | Affected versions
debian | debian/imagemagick | < imagemagick 8:6.9.11.57+dfsg-1 (bookworm)
NVD | imagemagick/imagemagick | 7.0.0-0 to 7.0.10-56 (+1)
Debian | imagemagick/imagemagick | < 8:6.9.11.57+dfsg-1 (+3)
Ubuntu | imagemagick/imagemagick | < 8:6.8.9.9-7ubuntu5.16+esm2
CVEListV5 | imagemagick/imagemagick | 6.9.11-57, 7.0.10-57

Also affects: Debian Linux 9.0

🔴 Vulnerability Details (3)

GHSA | GHSA-rjh9-hq94-crmg: A flaw was found in ImageMagick in MagickCore/gem | 2022-05-24
OSV | imagemagick vulnerabilities | 2022-03-18
OSV | CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6 | 2021-02-06

📋 Vendor Advisories (7)

Ubuntu | ImageMagick vulnerability | 2024-12-17
Ubuntu | ImageMagick vulnerabilities | 2022-03-18
Ubuntu | ImageMagick vulnerabilities | 2021-06-15
Red Hat | ImageMagick: Division by zero in GenerateDifferentialNoise in MagickCore/gem.c | 2021-02-02
Red Hat | ImageMagick: processing crafted file leads to division by zero | 2021-01-06