CVE-2021-20309Divide By Zero in Imagemagick

CWE-369Divide By Zero15 documents6 sources
Severity
7.5HIGHNVD
OSV7.8OSV5.5
EPSS
0.2%
top 52.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian ImagemagickDebian Linux
Timeline
PublishedMay 11
Latest updateJul 25

Description

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

debiandebian/imagemagick< imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm)
NVDimagemagick/imagemagick7.0.0-07.0.11-0+1
Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u2+3
Ubuntuimagemagick/imagemagick< 8:6.9.7.4+dfsg-16ubuntu6.12+13

Also affects: Debian Linux 9.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

7
OSV
imagemagick vulnerabilities2024-07-25
OSV
imagemagick vulnerabilities2023-07-04
OSV
imagemagick vulnerabilities2022-11-24
OSV
imagemagick vulnerabilities2022-11-24
GHSA
GHSA-vfcg-3f47-8mgm: A flaw was found in ImageMagick in versions before 72022-05-24

📋Vendor Advisories

7
Ubuntu
ImageMagick vulnerabilities2024-07-25
Ubuntu
ImageMagick vulnerabilities2023-07-04
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2021-11-29