CVE-2021-20244Divide By Zero in Imagemagick

CWE-369Divide By Zero15 documents6 sources
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.1%
top 67.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
ImagemagickDebian ImagemagickDebian Linux+2 more
Timeline
PublishedMar 9
Latest updateJul 25

Description

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm)
NVDimagemagick/imagemagick< 7.0.10-62
Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u2+3
Ubuntuimagemagick/imagemagick< 8:6.9.7.4+dfsg-16ubuntu6.12+13
CVEListV5imagemagick/imagemagickImageMagick 7.0.10-62

Also affects: Debian Linux 9.0, Fedora 33, Enterprise Linux 6.0, 7.0, 8.0

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

7
OSV
imagemagick vulnerabilities2024-07-25
OSV
imagemagick vulnerabilities2023-07-04
OSV
imagemagick vulnerabilities2022-11-24
OSV
imagemagick vulnerabilities2022-11-24
GHSA
GHSA-2wj7-w2rp-g7h5: A flaw was found in ImageMagick in MagickCore/visual-effects2022-05-24

📋Vendor Advisories

7
Ubuntu
ImageMagick vulnerabilities2024-07-25
Ubuntu
ImageMagick vulnerabilities2023-07-04
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2021-11-29
CVE-2021-20244 — Divide By Zero in Imagemagick | cvebase