CVE-2021-20243 — Divide By Zero in Imagemagick

CWE-369 — Divide By Zero16 documents6 sources

Severity

5.5MEDIUMNVD

OSV7.8OSV6.5

EPSS

0.1%

top 68.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Debian Linux

Timeline

PublishedMar 9

Latest updateDec 17

Description

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm)

▶NVDimagemagick/imagemagick< 7.0.10-62

▶Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u2+3

▶Ubuntuimagemagick/imagemagick< 8:6.9.7.4+dfsg-16ubuntu6.14+11

▶CVEListV5imagemagick/imagemagickImageMagick 7.0.10-62

Also affects: Debian Linux 9.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

imagemagick vulnerabilities↗2024-07-25

▶

OSV

imagemagick vulnerabilities↗2023-07-04

▶

OSV

imagemagick vulnerabilities↗2022-11-24

▶

OSV

imagemagick vulnerabilities↗2022-11-24

▶

GHSA

GHSA-4c27-wwv3-v6h2: A flaw was found in ImageMagick in MagickCore/resize↗2022-05-24

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerability↗2024-12-17

▶

Ubuntu

ImageMagick vulnerabilities↗2024-07-25

▶

Ubuntu

ImageMagick vulnerabilities↗2023-07-04

▶

Ubuntu

ImageMagick vulnerabilities↗2022-11-24

▶

Ubuntu

ImageMagick vulnerabilities↗2022-11-24

▶