CVE-2021-20245: Divide By Zero in ImageMagick

CWE-369: Divide By Zero | 9 documents | 6 sources

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 53.75%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Mar 9
Latest update: Nov 24

Description

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

Source | Package | Version
debian | debian/imagemagick | < imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm)
NVD | imagemagick/imagemagick | 7.0.0 7.0.10-62 (+1)
Debian | imagemagick/imagemagick | < 8:6.9.11.60+dfsg-1.3+deb11u2 (+3)
Ubuntu | imagemagick/imagemagick | < 8:6.9.7.4+dfsg-16ubuntu6.14 (+4)
CVEListV5 | imagemagick/imagemagick | ImageMagick 6.9.11-62, ImageMagick 7.0.10-62

Also affects: Debian Linux 9.0, Fedora 33, Enterprise Linux 6.0, 7.0, 8.0

Patches

🔴 Vulnerability Details (4)

OSV | imagemagick vulnerabilities | 2022-11-24
OSV | imagemagick vulnerabilities | 2022-11-24
GHSA | GHSA-pwcp-7wg2-65jc: A flaw was found in ImageMagick in coders/webp | 2022-05-24
OSV | CVE-2021-20245: A flaw was found in ImageMagick in coders/webp | 2021-03-09

📋 Vendor Advisories (4)

Ubuntu | ImageMagick vulnerabilities | 2022-11-24
Ubuntu | ImageMagick vulnerabilities | 2022-11-24
Red Hat | ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c | 2021-02-01
Debian | CVE-2021-20245: imagemagick - A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a craf... | 2021
CVE-2021-20245 — Divide By Zero in Imagemagick | cvebase